Taiwan Targeted In Espionage Campaign

Chinese state-sponsored hackers have been targeting dozens of organisations in Taiwan, including universities, state agencies, electronics manufacturers and religious organisations, according to new research. At least 75 government, technology, and academic organisations across Taiwan have been targeted for reconnaissance as part of a cyber espionage operation.

The hacking group, known as RedJuliett, is likely interested in Taiwan’s economic policies and diplomatic relations with other countries, according to analysts from Recorded Future’s Insikt Group.

RedJuliett exploited vulnerabilities in Internet-facing appliances, such as firewalls and virtual private networks (VPNs), to compromise its targets, which included tech firms, government agencies and universities, Recorded Future said.

RedJuliett, also known as Flax Typhoon, was first identified by Microsoft in 2023 but has been active since mid-2021, predominantly targeting Taiwan.

“Microsoft has observed a distinctive pattern of malicious activity almost exclusively affecting organisations in Taiwan using techniques that could be easily reused in other operations outside the region and would benefit from broader industry visibility. Microsoft attributes this campaign to Flax Typhoon (overlaps with ETHEREAL PANDA), a nation-state actor based out of China,” according to Microsoft.

In another espionage campaign observed between December 2023 and April 2024 by Insikt Group, the group conducted reconnaissance or attempted exploitation of Taiwanese organisations, along with other targets in Hong Kong, Malaysia, Laos, the Philippines, South Korea, Kenya, Rwanda, Djibouti and the US.

In Taiwan, which faces ongoing sovereignty threats from China, the group shows an interest in technology companies, including those involved in the development of optoelectronics, facial recognition and semiconductors. The hackers' targets also include aerospace companies that have contracts with the Taiwanese military, computing industry associations and religious organisations.

RedJuliett is known for exploiting Internet-facing devices such as firewalls, load balancers, and enterprise VPNs for initial access.

Like many other Chinese threat actors, the group is likely targeting vulnerabilities in these devices because they have limited visibility and security solutions available, and targeting them has proven to be an effective way to scale initial access, researchers said.

According to the Insikt report, RedJuliett likely operates from Fuzhou, the capital of Fujian province in China, which is relatively close to Taiwan. RedJuliett will “almost certainly” continue to conduct high-tempo cyber-espionage operations with a focus on Taiwanese technology, government, educational, and think tank organisations, according to Insikt Group.

“We also anticipate that Chinese state-sponsored groups will continue to focus on conducting reconnaissance against and exploiting public-facing devices, as this has proved a successful tactic in scaling initial access against a wide range of global targets,” researchers added.

Attacks by RedJuliett have also successfully compromised two dozen entities around the world, including government organisations in Kenya, Laos, and Rwanda, during the same period, an analysis from Recorded Future's Insikt Group showed.

Recorded Future | Microsoft | Al Jazeera | SC Media | The Hacker News | The Record

Image: Ideogram
