Chinese authorities have accused a hacker group allegedly backed by Taiwan of carrying out a cyberattack on a local technology company and targeting sensitive infrastructure across the mainland, state media reported. According to police in Guangzhou, the group, allegedly linked to Taiwan’s ruling Democratic Progressive Party (DPP), has targeted more than 1,000 key networks in over 10 Chinese provinces, including military, energy, transportation and government systems.
Chinese authorities said the campaign involved large-scale espionage efforts, crude hacking tools and a range of low-sophistication tactics such as phishing emails, exploitation of known software vulnerabilities and brute-force password attacks. The attacks were described as “malicious sabotage” aimed at undermining China’s security, police said, adding that the group’s activity had significantly increased over the past year.[1]
Investigators said the group used poorly-coded, self-developed Trojan programs that left digital traces enabling reverse tracking. Authorities added that the attackers attempted to obscure their origin by routing attacks through VPNs, foreign cloud services and compromised devices across multiple countries. While Beijing did not name the targeted tech company or the hacker group, it said the group had been active in recent years and that its actions were being closely monitored by Chinese cybersecurity agencies.
Taiwan’s National Security Bureau has denied the allegations. In a statement to Reuters, it accused the Chinese Communist Party of “manipulating inaccurate information to confuse the outside world” and shift blame. The bureau said Beijing has long been involved in cyberattacks on Taiwan, including data theft, disinformation campaigns and attempts to sow division through cognitive warfare.
Taiwan and China’s complex and tense relationship, rooted in Beijing’s claim over the self-governing island, often extends into the cyber realm. In a recent report, Taiwanese security officials said Chinese hackers were behind most of the cyberattacks targeting the island.
China, in turn, has accused Taiwan of conducting cyber operations against the mainland and has recently begun publicly identifying alleged threat actors behind the attacks. Earlier in March, Chinese authorities accused four individuals allegedly linked to Taiwan’s military of conducting cyberattacks and espionage against the country. While naming foreign hackers is common practice among some Western cybersecurity firms, the move marks a new development in China’s cyber attribution efforts.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://therecord.media/china-accuses-taiwan-linked-group-of-cyberattacks/