An alleged group of Chinese state-sponsored hackers have intensified their attacks against Taiwanese organizations, particularly from sectors such as public administration, education, technology and diplomacy, according to the cybersecurity intelligence company Recorded Future.
In recent years, there have been deteriorated relations between China and Taiwan, a self-governed island across the Taiwan Strait that Beijing claims as its territory. The cyber attacks by the group known as RedJulliett They were observed between November 2023 and April 2024, during the run-up to Taiwan’s presidential election in January and the subsequent change of administration.
RedJuliett has attacked Taiwanese organizations in the past, but this is the first time that an activity on such a scale has been observedsaid a Recorded Future analyst, who spoke on condition of anonymity for security reasons.
According to the report, RedJuliett attacked 24 organizationsincluding government agencies in places like Laos, Kenya and Rwanda, as well as Taiwan.
He also hacked websites of religious organizations in Hong Kong and South Korea, an American university and another Djibouti. The report did not identify the organizations.
Recorded Future stated that RedJuliett accessed the servers at those locations through a vulnerability in its SoftEther enterprise virtual private network (VPN) software.an open source VPN that allows remote connections to an organization’s networks.
It has been observed RedJuliett trying to break into the systems of more than 70 Taiwanese organizationsincluding three universities, an optoelectronics company and another facial recognition company that has contracts with the government.
It’s unclear whether RedJuliett managed to break into those organizations: Recorded Future only said it observed attempts to identify vulnerabilities in their networks.
RedJuliett’s hacking patterns match those of Chinese state-sponsored groupsaccording to Recorded Future.
Based on the geolocation of IP addresses, RedJulliett is probably headquartered in the city of Fuzhouin the Chinese province of Fujian, whose coast faces Taiwan.
“Given the geographical proximity between Fuzhou and Taiwan, it is likely that Chinese intelligence services operating in Fuzhou will be tasked with gathering information against Taiwanese targets.””, notes the report.
“It is likely that RedJuliett target Taiwan to gather information and support Beijing’s policy on cross-strait relations,” states the Recorded Future report.
Taiwan’s Foreign Ministry had no immediate comment.
A Chinese Foreign Ministry spokesman rejected the allegations.
“I don’t know the details of what you mentioned, but I can tell you that this is not the first time that the company you mentioned has manufactured disinformation about alleged Chinese hacking operations. “There is absolutely no professionalism or credibility in what this company does,” said spokesman Mao Ning.
Microsoft reported in August last year that RedJuliettwhich Microsoft tracks under the name Flax Typhoon, had as target Taiwanese organizations.
In recent years, China has intensified military exercises around Taiwan and has exerted economic and diplomatic pressure on the island.
Relations between Taiwan and Beijing worsened further after the election of Taiwan’s new president in January, William Lai (Lai Ching-te), whom China has considered a “separatist,” after he said in his inauguration speech that Taiwan and China were not subordinate to each other. Like her predecessor Tsai Ing-wen, Lai has stated that there is no need to declare Taiwan’s independence because it is already an independent sovereign state.
Like many other countries, including the United States, China is known for its cyber espionage activities. Earlier this year, the United States and Britain accused China of a widespread cyberespionage campaign that allegedly affected millions of people.
Beijing has consistently denied any form of piracy sponsored, stating instead that China itself is one of the main targets of cyberattacks.
According to Recorded Future, state-sponsored Chinese groups are likely to continue attacking Taiwanese government agencies, universities, and critical technology companies through “public-facing” devices, such as open source VPN software, which provide Limited visibility and logging capabilities.
Companies and organizations can better protect yourself by prioritizing and patching vulnerabilities once they are knownsaid the Recorded Future threat intelligence analyst.
(With information from AP)
