A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in government, education, technology and diplomacy sectors, a report by cybersecurity intelligence company Recorded Future said.
The cyberattacks by the group known as RedJuliett were observed between November last year and April, during the lead-up to the presidential and legislative elections in January and the subsequent change in administration.
RedJuliett has targeted Taiwanese organizations in the past, but this is the first time that activity was seen at such a scale, a Recorded Future analyst said, speaking on condition of anonymity out of safety concerns.
Photo: Reuters
The report said that RedJuliett attacked 24 organizations, including government agencies in places like Laos, Kenya and Rwanda, as well as Taiwan.
It also hacked into Web sites of religious organizations in Hong Kong and South Korea, a US university and a Djiboutian university. The report did not identify the organizations.
Recorded Future said RedJuliett accessed the servers of those places through a vulnerability in their SoftEther enterprise virtual private network (VPN) software, an open-source VPN that allows remote connections to an organization’s networks.
RedJuliett has been observed attempting to break into systems of more than 70 Taiwanese organizations including three universities, an optoelectronics company and a facial recognition company that has contracts with the government.
It was unclear if RedJuliett managed to break into those organizations: Recorded Future only said it observed the attempts to identify vulnerabilities in their networks.
RedJuliett’s hacking patterns match those of Chinese state-sponsored groups, Recorded Future said.
Based on the geolocations of Internet protocol addresses, RedJuliett is likely based out of Fuzhou, in China’s Fujian Province, the coast of which faces Taiwan, it said.
“Given the close geographical proximity between Fuzhou and Taiwan, Chinese intelligence services operating in Fuzhou are likely tasked with intelligence collection against Taiwanese targets,” the Recorded Future report said.
“RedJuliett is likely targeting Taiwan to collect intelligence and support Beijing’s policymaking on cross-strait relations,” it said.
The Ministry of Foreign Affairs and the Chinese Ministry of Foreign Affairs did not immediately comment.
Microsoft in August last year reported that RedJuliett, which the US company tracks under the name Flax Typhoon, was targeting Taiwanese organizations.
China has in the past few years stepped up military drills around Taiwan and imposed economic and diplomatic pressure on the nation.
Relations between Taipei and Beijing worsened after the election of William Lai (賴清德), who China has deemed a “separatist,” after he said in his inauguration speech that Taiwan and China were not subordinate to each other.
Like his predecessor Tsai Ing-wen (蔡英文), Lai has said that there is no need to declare Taiwanese independence because it is already an independent sovereign state.
Like many other countries including the US, China has been known to engage in cyberespionage. Earlier this year, the US and the UK accused China of a sweeping cyberespionage campaign that allegedly affected millions of people.
Beijing has consistently denied engaging in any form of state-sponsored hacking, instead saying that China itself is a major target of cyberattacks.
According to Recorded Future, Chinese state-sponsored groups will likely continue to target Taiwanese government agencies, universities and critical technology companies via “public-facing” devices such as open-source VPN software, which provide limited visibility and logging capabilities.
Companies and organizations can best protect themselves by prioritizing and patching vulnerabilities once they become known, Recorded Future’s threat intelligence analyst said.
A 72-year-old man in Kaohsiung was sentenced to 40 days in jail after he was found having sex with a 67-year-old woman under a slide in a public park on Sunday afternoon. At 3pm on Sunday, a mother surnamed Liang (梁) was with her child at a neighborhood park when they found the man, surnamed Tsai (蔡), and woman, surnamed Huang (黃), underneath the slide. Liang took her child away from the scene, took photographs of the two and called the police, who arrived and arrested the couple. During questioning, Tsai told police that he had met Huang that day and offered to
LOOKING NORTH: The base would enhance the military’s awareness of activities in the Bashi Channel, which China Coast Guard ships have been frequenting, an expert said The Philippine Navy on Thursday last week inaugurated a forward operating base in the country’s northern most province of Batanes, which at 185km from Taiwan would be strategically important in a military conflict in the Taiwan Strait. The Philippine Daily Inquirer quoted Northern Luzon Command Commander Lieutenant General Fernyl Buca as saying that the base in Mahatao would bolster the country’s northern defenses and response capabilities. The base is also a response to the “irregular presence this month of armed” of China Coast Guard vessels frequenting the Bashi Channel in the Luzon Strait just south of Taiwan, the paper reported, citing a
A total lunar eclipse, an astronomical event often referred to as a “blood moon,” would be visible to sky watchers in Taiwan starting just before midnight on Sunday night, the Taipei Astronomical Museum said. The phenomenon is also called “blood moon” due to the reddish-orange hue it takes on as the Earth passes directly between the sun and the moon, completely blocking direct sunlight from reaching the lunar surface. The only light is refracted by the Earth’s atmosphere, and its red wavelengths are bent toward the moon, illuminating it in a dramatic crimson light. Describing the event as the most important astronomical phenomenon
BETTER SERVICE QUALITY: From Nov. 10, tickets with reserved seats would only be valid for the date, train and route specified on the ticket, THSRC said Starting on Nov. 10, high-speed rail passengers with reserved seats would be required to exchange their tickets to board an earlier train. Passengers with reserved seats on a specific train are currently allowed to board earlier trains on the same day and sit in non-reserved cars, but as this is happening increasingly often, and affecting quality of travel and ticket sales, Taiwan High-Speed Rail Corp (THSRC) announced that it would be canceling the policy on Nov. 10. It is one of several new measures launched by THSRC chairman Shih Che (史哲) to improve the quality of service, it said. The company also said
RSS