A Taiwanese government-affiliated research center has fallen victim to a cyberattack orchestrated by a hacking group believed to be linked to the Chinese government. The attack, which occurred in July 2023, resulted in the theft of passwords and sensitive documents.
Cisco's Talos threat intelligence group identified the perpetrators as members of APT41, a state-sponsored espionage group with ties to China's Ministry of State Security. The hackers employed outdated Microsoft Office software to gain unauthorized access to the research center's systems.
Escalating Cyber Tensions Between Taiwan and China
The cyberattack underscores the growing tensions between Taiwan and China. The self-governing island has become a focal point of geopolitical rivalry, with China asserting its sovereignty over the territory.
Cyber espionage has emerged as a key tool for Beijing to gather intelligence and exert influence.
According to Bloomberg, the compromised Taiwanese research center is part of a broader pattern of Chinese cyberattacks targeting critical infrastructure and government institutions. Recent reports indicate a surge in such activities, prompting Taiwan to bolster its cybersecurity defenses with the assistance of foreign experts.
APT41: A Persistent Threat
APT41, the hacking group responsible for the attack, has a history of pursuing high-value targets, including government agencies and private companies. The group has been implicated in numerous cyber espionage campaigns, demonstrating both its capabilities and its persistence.
The theft of sensitive information from the Taiwanese research center highlights the ongoing threat posed by state-sponsored cyberattacks.
Another Group of China-Backed Hackers
A week ago, another group of state-sponsored hackers, dubbed Daggerfly, launched a malware attack on select organizations in Taiwan and on a US non-governmental organization based in China, according to The Hacker News.
The Beijing-based threat actors engaged in "internal espionage" by exploiting a vulnerability in the Apache HTTP server; from there, the attackers were able to deliver the MgBot malware to the compromised systems.
According to Symantec, Daggerfly is capable of rapidly updating its malware toolset, allowing it to inflict heavy damage with minimal disruption to the targeted organizations.
Last year, another group of Chinese threat actors, tracked as "Flax Typhoon," attacked government agencies in Taiwan. According to Microsoft, the group's modus operandi centers on gaining unauthorized access to victims' networks.
Microsoft added that Flax Typhoon was first discovered in mid-2021. At the time, the group was seen attacking critical sectors in Taiwan. Aside from government agencies, it also targeted educational institutions, tech firms, and other critical infrastructure.
It's important to note that the group's activities are not limited to Taiwan. Traces of its attacks have reportedly been found in other regions, including Southeast Asia, Africa, and North America.
As for its tooling, the group reportedly relies on the Juicy Potato privilege escalation tool, the China Chopper web shell, the SoftEther virtual private network (VPN) client, and Mimikatz.