HONG KONG (AP) — Hacking groups suspected to be backed by the Chinese government have stepped up attacks on Taiwanese organizations, particularly in the sectors of government, education, technology and diplomacy, according to cybersecurity intelligence firm Recorded Future.
Relations between China and Taiwan have deteriorated in recent years. Taiwan is a self-governing island in the Taiwan Strait that China claims as its territory. The cyber attacks by the group known as RedJuliett were observed between November 2023 and April 2024, leading up to Taiwan’s presidential election in January and the subsequent change of government.
RedJuliett has targeted Taiwanese organizations in the past, but this is the first time it has been seen operating on this scale, said an analyst at Recorded Future, who spoke on the condition of anonymity due to security concerns.
According to the report, RedJuliett has attacked 24 organizations, including government agencies in Laos, Kenya, Rwanda and Taiwan.
The report said the group also hacked the websites of religious groups in Hong Kong and South Korea, a university in the United States and a university in Djibouti, without naming the groups.
Recorded Future said RedJuliett gained access to servers in those locations through vulnerabilities in SoftEther enterprise virtual private network (VPN) software, an open-source VPN that allows remote connections to organizations’ networks.
RedJuliett has been observed attempting to infiltrate the systems of more than 70 Taiwanese organizations, including three universities, an optoelectronics company, and a facial recognition company with government contracts.
It’s unclear whether RedJuliett was able to infiltrate these organizations, with Recorded Future saying only that it had observed attempts to identify network vulnerabilities.
Recorded Future said RedJuliett’s hacking patterns match those of a Chinese government-backed group.
Based on the geographic location of the IP addresses, RedJuliett is likely based in Fuzhou city, Fujian province in southern China, which borders Taiwan, the company said.
“Given Fuzhou’s geographical proximity to Taiwan, Chinese intelligence agencies operating in Fuzhou are likely tasked with collecting intelligence targeting Taiwan,” the report said.
“RedJuliett is likely targeting Taiwan to gather intelligence and assist Beijing in formulating policy on cross-strait relations,” the Recorded Future report said.
Taiwan’s foreign ministry and China’s foreign ministry did not immediately comment.
Last August, Microsoft reported that RedJuliett, which the company tracks under the name Flax Typhoon, was targeting organizations in Taiwan.
In recent years, China has stepped up military exercises around Taiwan and exerted economic and diplomatic pressure on the island.
Relations between Taiwan and Beijing have further deteriorated since the election of Taiwan’s new president, Lai Ching-te, in January. In his inaugural speech, Lai said Taiwan and China are not subordinate to each other, and China has deemed him a “separatist.” Like his predecessor, Tsai Ing-wen, Lai has said Taiwan does not need to declare independence because it is already an independent sovereign nation.
China, like many other countries, including the United States, is known to be conducting cyber espionage activities. Earlier this year, the United States and the United Kingdom accused China of a massive cyber espionage campaign that allegedly affected millions of people.
The Chinese government has consistently denied engaging in any form of state-sponsored hacking and has said that China itself is a prime target of cyber attacks.
According to Recorded Future, Chinese state-backed groups will likely continue to target Taiwanese government agencies, universities, and critical technology companies via “consumer” devices such as open-source VPN software that offers limited visibility and logging capabilities.
Threat intelligence analysts at Recorded Future said organizations can best protect themselves by prioritizing and patching vulnerabilities as they become known.
___
Report link: https://www.recordedfuture.com/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter