In January 2025, our friends at FortiGuard Labs observed an attack that used Winos4.0, an advanced malware framework actively used in recent threat campaigns, to target companies in Taiwan. Figure 1 shows an example of the attack chain. Usually, there is a loader that is only used to load the malicious DLL file, and the Winos4.0 module is extracted from the shellcode downloaded from its C2 server.
Link to full report: IR-25-063-002_Winos.pdf
Taiwanese government networks experienced a daily average of 2.4 million cyber-attacks in 2024, most attributed to Chinese state-backed hackers. This represents double the daily average from 2023, which saw 1.2 million daily attacks targeting government networks, Taiwan’s National Security Bureau said in a new report. “Although many of those attacks have been effectively detected and blocked, the growing numbers of attacks pinpoint the increasingly severe nature of China’s hacking activities,” t
In September 2024, researchers observed an attack using the notorious SmokeLoader malware to target companies in Taiwan, including those in manufacturing, healthcare, information technology, and other sectors. SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks. While SmokeLoader primarily serves as a downloader to deliver other malware, in this case, it carries out the attack itself by downloading pl
A previously unknown government-backed hacking group is targeting organizations in the manufacturing, IT, and biomedical sectors across Taiwan, Vietnam, the US and an unnamed Pacific island, according to new research from Symantec.
Researchers are tracking the group under the name “Grayling” and said in a report released earlier this week that it is using custom-made malware as well as publicly available tools to attack its targets. The attacks, which began in February and continued through May
A newly identified espionage operation run by hackers linked to China’s government has targeted dozens of organizations in Taiwan since the middle of 2021. Microsoft on Thursday attributed the campaign to a previously unidentified group it named Flax Typhoon. The goal of the campaign is to not only perform espionage on targeted Taiwanese entities but “maintain access to organizations across a broad range of industries for as long as possible,” the tech giant said.
The group is mainly targeting
A suspected cyber-attack on 7-Eleven stores, pervasive in large towns and at rail stations across Denmark, is reporting that “we cannot use cash registers and/or receive payments.” This the company wrote on its Facebook page. “We are therefore closed until we know the extent [of the attack]. We hope to be able to open stores again soon,” it wrote.
There are 176 7-Eleven stores in Denmark. The company’s CEO told a Danish broadcaster that cash registers “suddenly” began to malfunction in store
Conti ransomware was first discovered in December of 2019 and has become one of the most prominent ransomware platforms to date. The Conti Ransomware as a Service (RaaS) platform gained international attention in May of 2021 when it was used to shutdown Ireland’s Health Service Executive (HSE). The group has shown no signs of slowing down with notable attacks reported in the United States, Australia, United Kingdom, Taiwan, and Indonesia in the past two and a half months.
The most recent attack
There is a vigorous debate among geopolitical and military scholars if, and when China will invade Taiwan. At the beginning of the Corona Virus pandemic, many believed that the timing could be ripe for China to militarily invade the island nation of Taiwan. This a long sought-after prize to “reunite China.”
Link to full Report: TR-20-134-001_China Taiwan hotwarFINAL.pdf
Red Sky Alliance performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this weekly list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated
