Chinese Hackers Increase Attacks on Taiwanese Organizations, Cybersecurity Firm Reports
Rise in Cyberattacks by RedJuliett Group
A recent report from Recorded Future, a cybersecurity intelligence company, indicates that a suspected Chinese-state-sponsored hacking group, RedJuliett, has increased its attacks on Taiwanese organizations. These attacks were mainly on government, education, technology, and diplomatic sectors, as well as other targets.
Scope of the Attacks
According to the report, RedJuliett targeted 24 organizations between November 2023 and April 2024, leading up to Taiwan’s presidential elections. The attacks included:
- Government agencies in Taiwan, Laos, Kenya, and Rwanda.
- Religious organizations in Hong Kong and South Korea.
- A U.S. university and a Djiboutian university.
The identities of these organizations were not disclosed in the report.
Method of Attack
RedJuliett accessed these organizations' servers using a vulnerability in SoftEther enterprise virtual private network (VPN) software. This open-source VPN allows remote connections to an organization's network but has security weaknesses that RedJuliett exploited.
Attempted Attacks on Taiwanese Organizations
Recorded Future observed that RedJuliett attempted to infiltrate more than 70 Taiwanese organizations, including:
- Three universities.
- An optoelectronics company.
- A facial recognition company with government contracts.
While it’s not clear if RedJuliett successfully breached these entities, the attempts match the hacking patterns of Chinese state-sponsored groups.
Geographical Connection
The report suggests that RedJuliett is likely based in Fuzhou, a city in China’s southern Fujian province. This city is close to Taiwan, making it a strategic location for Chinese intelligence to target Taiwanese organizations and collect intelligence.
Political Context
Relations between China and Taiwan have been deteriorating, with China increasing military drills, and economic and diplomatic pressure. China sees Taiwan as part of its territory, while Taiwan maintains it is an independent sovereign state. The situation escalated further after the election of Taiwan’s new president, Lai Ching-te, who opposes unification under Beijing's terms.
Global Perspective on Cyber Espionage
China, like other nations including the U.S., has been implicated in cyberespionage campaigns. Earlier this year, the U.S. and Britain accused China of a vast cyberespionage campaign affecting millions. Beijing has denied these accusations, claiming China itself faces many cyberattacks.
Preventive Measures
Recorded Future advises that companies and organizations can best protect themselves by prioritizing and patching vulnerabilities. Using public-facing devices like open-source VPN software without proper security measures can expose organizations to cyber threats.
Conclusion
As cyber threats from state-sponsored groups like RedJuliett increase, it is crucial for organizations, particularly in Taiwan, to stay vigilant and adopt robust cybersecurity practices to mitigate the risk of cyberattacks.
