Business Standard

Monday, December 23, 2024 | 03:01 AM ISTEN Hindi

Notification Icon
userprofile IconSearch

Chinese hackers attacking Taiwanese organisations: Cybersecurity firm

In recent years, relations between China and Taiwan, a self-governed island across the Taiwan Strait that Beijing claims as its territory, have deteriorated

China Taiwan

The report said RedJuliett attacked 24 organisations, including government agencies in places like Laos, Kenya and Rwanda, as well as Taiwan.

AP Hong Kong

Listen to This Article

A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organisations, particularly those in sectors such as government, education, technology and diplomacy, according to cybersecurity intelligence company Recorded Future.

In recent years, relations between China and Taiwan, a self-governed island across the Taiwan Strait that Beijing claims as its territory, have deteriorated.

The cyberattacks by the group known as RedJulliett were observed between November 2023 and April 2024, during the lead up to Taiwan's presidential elections in January and the subsequent change in administration.

RedJuliett has targeted Taiwanese organisations in the past, but this is the first time that activity was seen at such a scale, a Recorded Future analyst said, speaking on condition of anonymity out of safety concerns.

 

The report said RedJuliett attacked 24 organisations, including government agencies in places like Laos, Kenya and Rwanda, as well as Taiwan.

It also hacked into websites of religious organisations in Hong Kong and South Korea, a US university and a Djiboutian university. The report did not identify the organisations.

Recorded Future said RedJuliett accessed the servers of those places via a vulnerability in their SoftEther enterprise virtual private network (VPN) software, an open-source VPN that allows remote connections to an organisation's networks.

RedJuliett has been observed attempting to break into systems of more than 70 Taiwanese organisations including three universities, an optoelectronics company and a facial recognition company that has contracts with the government.

It was unclear if RedJuliett managed to break into those organisations: Recorded Future only said it observed the attempts to identify vulnerabilities in their networks.

RedJuliett's hacking patterns match those of Chinese state-sponsored groups, according to Recorded Future.

It said that based on the geolocations of IP addresses, RedJulliett is likely based out of the city of Fuzhou, in China's southern Fujian province, whose coast faces Taiwan.

Given the close geographical proximity between Fuzhou and Taiwan, Chinese intelligence services operating in Fuzhou are likely tasked with intelligence collection against Taiwanese targets, the report said.

RedJuliett is likely targeting Taiwan to collect intelligence and support Beijing's policy-making on cross-strait relations, the Recorded Future report said.

Taiwan's Ministry of Foreign Affairs and China's foreign ministry did not immediately comment.

Microsoft reported in August last year that RedJuliett, which Microsoft tracks under the name Flax Typhoon, was targeting Taiwanese organisations.

China has in recent years stepped up military drills around Taiwan and imposed economic and diplomatic pressure on the island.

Relations between Taiwan and Beijing worsened further after the election in January of Taiwan's new president Lai Ching-te, who China has deemed a separatist," after he said in his inauguration speech that Taiwan and China were not subordinate to each other.

Like his predecessor Tsai Ing-wen, Lai has said that there is no need to declare Taiwanese independence because it is already an independent sovereign state.

Like many other countries including the US, China has been known to engage in cyberespionage. Earlier this year, the US and Britain accused China of a sweeping cyberespionage campaign that allegedly hit millions of people.

Beijing has consistently denied engaging in any form of state-sponsored hacking, instead saying that China itself is a major target of cyberattacks.

According to Recorded Future, Chinese state-sponsored groups will likely continue to target Taiwanese government agencies, universities and critical technology companies via public-facing devices such as open-source VPN software, which provide limited visibility and logging capabilities.

Companies and organisations can best protect themselves by prioritising and patching vulnerabilities once they become known, Recorded Future's threat intelligence analyst said.

(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Jun 24 2024 | 10:13 AM IST

Explore News