China-Backed Hackers Target Taiwan for Intelligence, Report

In Summary

  • China-backed hacking group RedJuliett has intensified attacks on Taiwanese organizations, compromising at least 24 entities.
  • Hackers targeted internet-facing devices like firewalls and VPNs, focusing on key sectors like technology and aerospace.
  • The attacks are part of China’s efforts to gather intelligence on Taiwan’s economic and technological progress amidst rising tensions.


TAIPEI, Taiwan, Thursday, June 17, 2024 – A hacking group believed to be backed by China has intensified cyberattacks against Taiwanese organizations in recent months, according to an intelligence report by cybersecurity firm Recorded Future released on Monday, June 24.1

The attacks targeted government agencies, universities, technology companies, and diplomatic entities.

China’s Foreign Ministry denied any knowledge of the report and dismissed Recorded Future as an unreliable source. However, China consistently denies engaging in cyberespionage, a practice used by governments worldwide.

Recorded Future, a U.S.-based cybersecurity firm, said in a report released Monday that the group, called RedJuliett, compromised at least 24 organizations in Taiwan between November 2023 and April 2024.

The hackers exploited vulnerabilities in internet-facing devices like firewalls and virtual private networks (VPNs) to gain access to their targets.

The report also found evidence that RedJuliett conducted reconnaissance or attempted attacks on over 70 additional Taiwanese organizations, including several de facto embassies.

The group appeared particularly focused on the technology sector, targeting a semiconductor company, two aerospace companies with contracts for the Taiwanese military, and other technology-related institutions.

RedJuliett’s activities are believed to be part of an intelligence-gathering effort by China aimed at understanding Taiwan’s economic and diplomatic relations, as well as progress in critical technology development. China claims Taiwan as part of its territory, though the island is self-governing.

Recorded Future said RedJuliett likely operates from Fuzhou, China, and may also be known by the aliases Flax Typhoon and Ethereal Panda.

The firm expects Chinese state-sponsored hackers to continue targeting Taiwan, focusing on exploiting vulnerabilities in publicly accessible devices.

This follows rising tensions between China and Taiwan, with Taiwan’s president, Tsai Ing-wen, condemning China’s recent legal guidelines that could lead to the death penalty for advocating Taiwanese independence.

Sources
  1. recordedfuture.com: https://www.recordedfuture.com/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter[]
Protected by Copyscape