According to cybersecurity intelligence firm Recorded Future, hacking groups believed to be backed by the Chinese government have stepped up attacks on Taiwanese organizations, particularly in the areas of government, education, technology and diplomacy.
Relations between China and Taiwan, the self-governing island across the Taiwan Strait which Beijing claims as its territory, have deteriorated in recent years.
Cyber attacks by the group known as RedJuliett were observed between November 2023 and April 2024, in the lead-up to Taiwan's presidential election in January and the subsequent change of government.
RedJuliett has targeted Taiwanese organizations in the past, but this is the first time it has been seen operating on this scale, said an analyst at Recorded Future, who spoke on the condition of anonymity due to security concerns.
According to the report, RedJuliett has attacked 24 organizations, including government agencies in Laos, Kenya, Rwanda and Taiwan.
The websites of religious groups in Hong Kong and South Korea, a university in the United States and a university in Djibouti were also hacked, although the report did not name the groups.
Recorded Future said RedJuliett accessed servers in these locations through vulnerabilities in SoftEther enterprise virtual private network (VPN) software, an open-source VPN that allows remote connections into organizations' networks.
RedJuliett has been seen attempting to infiltrate the systems of more than 70 organizations in Taiwan, including three universities, an optoelectronics company, and a facial recognition company with government contracts.
It's unclear whether RedJuliett was able to infiltrate these organizations, with Recorded Future saying only that it had observed attempts to identify network vulnerabilities.
Recorded Future said RedJuliett's hacking patterns match those of a Chinese government-backed group.
Based on the geographic location of the IP addresses, RedJuliett is likely based in Fuzhou city, Fujian province in southern China, which borders Taiwan, the company said.
Due to the geographical proximity of Fuzhou and Taiwan, Chinese intelligence agencies operating in Fuzhou are likely tasked with collecting intelligence targeting Taiwan, the report said.
Recorded Future reported that RedJuliett likely targets Taiwan to gather intelligence and to assist Beijing in formulating policy on cross-strait relations.
Taiwan's foreign ministry and China's foreign ministry did not immediately comment.
Last August, Microsoft reported that RedJuliett, which it tracks under the name Flax Typhoon, was targeting organizations in Taiwan.
In recent years, China has stepped up military exercises around Taiwan and exerted economic and diplomatic pressure on the island.
Relations between Taiwan and Beijing have further deteriorated since Lai Ching-te, whom China considers a “separatist”, was elected as Taiwan's new president in January after saying in his inaugural speech that Taiwan and China are not subordinate to each other.
Lai, like his predecessor Tsai Ing-wen, has said Taiwan is already an independent sovereign nation and therefore does not need to declare independence.
China, like many other countries, including the United States, is known to be conducting cyber espionage activities. Earlier this year, the United States and the United Kingdom accused China of a massive cyber espionage campaign that allegedly affected millions of people.
The Chinese government has consistently denied engaging in any form of state-sponsored hacking and has said that China itself is a prime target of cyber attacks.
According to Recorded Future, Chinese state-backed groups will likely continue to target Taiwanese government agencies, universities, and critical technology companies through publicly exposed devices, such as open-source VPN software, that offer limited visibility and logging capabilities.
Threat intelligence analysts at Recorded Future said organizations can best protect themselves by prioritizing and patching vulnerabilities as they become known.