China-backed hackers stepping up attacks on Taiwan, cybersecurity firm says

Hacking group RedJuliett compromised two dozen organisations in Taiwan and elsewhere, report says.

A suspected China-backed hacking group has ramped up attacks on organisations in Taiwan, according to a report by a US-based cybersecurity firm [Kacper Pempel/Reuters]

A suspected China-backed hacking outfit has intensified attacks on organisations in Taiwan as part of Beijing’s intelligence-gathering activities on the self-governing island, a cybersecurity firm has said.

The hacking group, RedJuliett, compromised two dozen organisations between November 2023 and April of this year, likely in support of intelligence collection on Taiwan’s diplomatic relations and technological development, Recorded Future said in a report released on Monday.

RedJuliett exploited vulnerabilities in internet-facing appliances, such as firewalls and virtual private networks (VPNs), to compromise its targets, which included tech firms, government agencies and universities, the United States-based cybersecurity firm said.

RedJuliett also conducted “network reconnaissance or attempted exploitation” against more than 70 Taiwanese organisations, including multiple de facto embassies, according to the firm.

“Within Taiwan, we observed RedJuliett heavily target the technology industry, including organisations in critical technology fields. RedJuliett conducted vulnerability scanning or attempted exploitation against a semiconductor company and two Taiwanese aerospace companies that have contracts with the Taiwanese military,” Recorded Future said in its report.

“The group also targeted eight electronics manufacturers, two universities focused on technology, an industrial embedded systems company, a technology-focused research and development institute, and seven computing industry associations.”

While nearly two-thirds of the targets were in Taiwan, the group also compromised organisations elsewhere, including religious organisations in Taiwan, Hong Kong, and South Korea and a university in Djibouti.

Recorded Future said it expected Chinese state-sponsored hackers to continue targeting Taiwan for intelligence-gathering activities.

“We also anticipate that Chinese state-sponsored groups will continue to focus on conducting reconnaissance against and exploiting public-facing devices, as this has proved a successful tactic in scaling initial access against a wide range of global targets,” the cybersecurity firm said.

Chinese Foreign Ministry spokeswoman Mao Ning told reporters she was not aware of the report, but that Recorded Future was not a credible organisation.

“What I can tell you is that this is not the first time that the company you mentioned has fabricated disinformation on so-called ‘Chinese hacking operations.’ There is absolutely no professionalism or credibility to speak of in what the company does,” she said.

Beijing has repeatedly denied engaging in cyber-espionage – a practice carried out by governments worldwide – instead casting itself as a regular victim of cyberattacks.

China claims democratically ruled Taiwan as part of its territory, although the Chinese Communist Party has never exerted control over the island.

Relations between Beijing and Taipei have deteriorated as Taiwan’s ruling Democratic Progressive Party has sought to boost the island’s profile on the international stage.

On Monday, Taiwanese President William Lai Ching-te hit out at Beijing after it issued legal guidelines threatening the death penalty for those who advocate Taiwanese independence.

“I want to stress, democracy is not a crime; it’s autocracy that is the real evil,” Lai told reporters.

Lai, whom Beijing has branded a “separatist”, has said there is no need to formally declare independence for Taiwan because it is already an independent sovereign state.

Source: Al Jazeera and news agencies