A cybersecurity team called the Insect Group released a report on Monday saying Chinese state-backed hackers have significantly stepped up attacks on Taiwan, aiming to steal Taiwanese technology and spy on its diplomatic activities.
of Insect Group teeth The threat research division of Recorded Future, an international cybersecurity company with government and corporate clients in 75 countries.
Group report Concentrated About “RedJuliett,” a cyber espionage group believed to be supported by the Chinese government. RedJuliett activities was was detected It wasn’t until August 2023 that Microsoft discovered a large-scale cyber espionage campaign targeting Taiwanese companies.
Microsoft named the hacking threat “Flax Typhoon,” and cybersecurity firm CrowdStrike detected the activity around the same time and dubbed it “Ethereal Panda,” with Insikt Group researchers confident that all of these names belonged to the same cybersecurity threat actor.
While the group has also launched cyberattacks against other countries, including South Korea and the United States, roughly 60% of the activity detected has been focused on Taiwan. RedJuliett’s activities have been traced back to Fuzhou, a Chinese city close to Taiwan and home to a number of Chinese intelligence operations targeting Taiwan.
“It is currently unclear whether Red Juliet has ties to the Chinese Ministry of State Security’s MSS or the People’s Liberation Army (PLA), but its operating base in Fuzhou is consistent with the group’s consistent focus on Taiwan,” the report said.
Insikt Group found that between November 2023 and April 2024, RedJuliett conducted espionage activities against Taiwan, attacking “more than 70 Taiwanese academic institutions, government agencies, think tanks, and technology organizations, as well as multiple de facto embassies operating on the island.”
Taiwan often lacks official embassies from other countries due to political pressure from China. For example, the de facto US embassy is It is called of American Association of Taiwan (AIT).
The Cyber Security Report states:
In Taiwan, RedJuliett was observed focusing on the technology industry, including organizations in critical technology sectors, conducting vulnerability scans and exploit attempts against a semiconductor company and two Taiwanese aerospace companies that have contracts with the Taiwanese military.
Taiwan’s presidential election season began around the same time that RedJuliett’s activities became more active. election William Lai Ching-teh is expected to be elected as President Tsai Ing-wen’s successor in January 2024. was Appointed He will be up for re-election in May 2024. He belongs to the same Democratic Progressive Party (DPP) as President Tsai Ing-wen, and this victory marks the first time in Taiwan’s democratic history that the same political party has served as president for three consecutive terms.
China’s Communist government dislikes both Tsai Ing-wen and Lai, labelling them “separatists” and “rebels.” Beijing has engaged in what Lai has accused of “unprecedented” levels of election interference, trying to intimidate people in Taiwan from voting for him.
“In addition to political and military pressure, they are also using economic means, perception warfare, disinformation, intimidation and incentives. They are doing everything they can to interfere in this election,” Lai said. Said In January.
Taiwan’s President Lai Ching-te is sworn in and delivers his inaugural speech during an inauguration ceremony at the Presidential Office Building in Taipei on May 20, 2024. (SAM YEH/AFP via Getty Images)
Insect Group said it was unable to determine how successful Red Juliet’s cyberattacks were because it was able to observe the attack attempts from outside the targets’ networks but was unable to see their results.
RedJuliett possessed a wide range of sophisticated hacking tools, including code to exploit vulnerabilities in networks, web servers and security software. Employed The “Living Off the Land” (LotL) technique is a disturbing new trend in cyber espionage, in which hackers infiltrate systems and remain dormant for long periods of time by hiding their malicious code among many other legitimate programs running on large networks.
LotL’s tactics are alarming to cybersecurity researchers because they suggest that hackers are waiting for some expected signal, such as a declaration of war by a backing nation, rather than causing immediate damage or stealing data.
The report concludes:
RedJuliett’s activity is consistent with Beijing’s objectives of gathering intelligence on Taiwan’s economic policies, trade, and diplomatic relations. The group has also targeted multiple key technology companies, highlighting the strategic importance of this sector to Chinese state-sponsored threat actors.
Chinese Ministry of Foreign Affairs In dispute A report by Record Future on Monday denied all allegations of Chinese hacking activity.
Chinese Foreign Ministry spokesman Mao Ning claimed he was “not aware” of the report, but argued without evidence that Recorded Future has “fabricated false information about so-called Chinese hacking activities” in the past and that the company “has neither expertise nor credibility.”
