Cyberattacks Escalating Between China & Taiwan
Category: Cyberattack | Industries: Logistics, Manufacturing, Technology | Source: Trellix
Escalating tensions between China and Taiwan, driven by geopolitical and military events, have led to a surge in cyber activity, particularly the distribution of malicious emails that drop malware on targets in Taiwan. Trellix researchers reported a "4x increase" in malicious email distribution to Taiwan between April 7 and April 10, 2023. The emails primarily targeted entities in the technology and networking, manufacturing, and logistics sectors.
Lures used in the phishing emails included unpaid invoices, shipping notifications, and purchase orders. Both phishing links and zip file attachments were used to trigger the download and execution of a malicious payload. The PlugX remote access trojan (RAT) was frequently observed as the final payload, consistent with tooling used by Chinese-linked threat groups. PlugX is deployed to support intelligence collection and espionage objectives. Chinese threat actors associated with the PlugX RAT include APT3, TA459, LuminousMoth, menuPass/APT10, Threat Group-3390/APT27, APT41, Mustang Panda, and Winnti Group.
In addition to the surge of emails in the past month, an earlier spike occurred in the final week of January 2023, when Trellix "researchers observed a significant rise in extortion emails aimed at Taiwan Government officials, with a 30-fold increase in malicious email counts." While the April spike was attributed to China, it is uncertain which entity was responsible for the influx of emails in January.