CyberSecurity SEE

Phishing Attacks Tied to Trojan Malware Linked to China-Taiwan Tensions

Organizations in Taiwan have become targets of cyber espionage attacks amidst recent political tensions. According to research by Trellix, there has been a fourfold increase in malicious phishing emails targeting Taiwanese companies between April 7 and 10 of this year. Industries such as logistics, IT, and manufacturing were hit the hardest.

The phishing emails used several lures, including a fake DHL shipment update, a fake bulk order for cement, and a fake overdue-payment notice. Some carried malicious attachments, while others linked to fake login pages built to harvest credentials.

Following this increase in malicious emails, researchers detected a more significant rise in instances of PlugX, a decade-old remote access Trojan common among Chinese state-linked threat actors. PlugX is notorious for its stealth: it uses DLL sideloading, in which a legitimate signed executable is made to load a malicious DLL placed alongside it, to circumvent Windows security measures and run arbitrary code on the target machine.
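The sideloading pattern described above leaves a recognisable trace in endpoint telemetry: a DLL with a Windows system name loaded from somewhere other than the OS directories, typically from the same folder as the host executable. The following is an added example, not code from the article or from Trellix, of a heuristic detector for that pattern run over Sysmon Event ID 7 (Image Loaded) style records. The record format, the sample events, and the list of commonly sideloaded DLL names are constructed for illustration and should be replaced with your own telemetry and watchlist.

```python
"""Heuristic DLL-sideloading detector over Sysmon Event ID 7 style records.

Added example (not from the article). The key=value record format, the sample
events and the watchlist below are constructed assumptions for illustration.
"""
from pathlib import PureWindowsPath
from typing import Iterable

# DLL names frequently abused for sideloading next to a signed host EXE.
# Illustrative watchlist (assumption); extend it from your own investigations.
COMMONLY_SIDELOADED = {
    "version.dll", "dwmapi.dll", "wtsapi32.dll", "cryptbase.dll",
    "userenv.dll", "uxtheme.dll", "dbghelp.dll", "msi.dll",
}

# Directories where those DLLs legitimately live; loads from here are expected.
TRUSTED_DIRS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
    PureWindowsPath(r"C:\Windows\WinSxS"),
)


def parse_record(line: str) -> dict[str, str]:
    """Parse a 'Key=Value; Key=Value' line (constructed format) into a dict."""
    record: dict[str, str] = {}
    for part in line.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        record[key.strip()] = value.strip()
    return record


def _under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """True if `path` lies beneath `root` (case-insensitive, per Windows semantics)."""
    p = [s.lower() for s in path.parts]
    r = [s.lower() for s in root.parts]
    return p[: len(r)] == r


def classify(rec: dict[str, str]) -> list[str]:
    """Return the reasons a load event looks like sideloading; empty list means benign."""
    image = PureWindowsPath(rec.get("Image", ""))
    loaded = PureWindowsPath(rec.get("ImageLoaded", ""))
    reasons: list[str] = []
    if loaded.name.lower() not in COMMONLY_SIDELOADED:
        return reasons
    if any(_under(loaded, d) for d in TRUSTED_DIRS):
        return reasons  # the real system DLL from the OS directory
    reasons.append("system-named DLL loaded from untrusted directory")
    if loaded.parent == image.parent:  # classic: DLL dropped beside the host EXE
        reasons.append("DLL resides in the host process directory")
    if rec.get("Signed", "").lower() == "false":
        reasons.append("DLL is unsigned")
    return reasons


def detect(lines: Iterable[str]) -> list[tuple[str, list[str]]]:
    """Run the heuristic over raw records; return (ImageLoaded, reasons) for each hit."""
    hits: list[tuple[str, list[str]]] = []
    for line in lines:
        rec = parse_record(line)
        reasons = classify(rec)
        if reasons:
            hits.append((rec["ImageLoaded"], reasons))
    return hits


# Constructed sample events (not real telemetry): one benign system load,
# one sideload from a user-writable directory, one unrelated application DLL.
SAMPLE_EVENTS = [
    r"Image=C:\Windows\System32\notepad.exe; ImageLoaded=C:\Windows\System32\version.dll; Signed=true",
    r"Image=C:\Users\user\AppData\Roaming\Updater\vendor.exe; "
    r"ImageLoaded=C:\Users\user\AppData\Roaming\Updater\version.dll; Signed=false",
    r"Image=C:\Program Files\App\app.exe; ImageLoaded=C:\Program Files\App\app.dll; Signed=true",
]

if __name__ == "__main__":
    for dll, why in detect(SAMPLE_EVENTS):
        print(dll, "->", "; ".join(why))
```

The watchlist approach is deliberately narrow: a DLL name not on the list is ignored, so a sideloaded DLL with an unusual name will be missed. In practice the "host directory" and "unsigned" signals are the ones worth alerting on regardless of name, and the list should be treated as a starting point that the analyst tunes against observed samples.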

Zmutzy, another Trojan written in .NET, and Formbook, an infostealer-as-a-service with downloader capabilities, are other malware families spotted in attacks against Taiwan.

Tensions between China and Taiwan date back roughly three-quarters of a century, with China claiming sovereignty over the self-governing island. Diplomatic meetings between American and Taiwanese officials, Chinese military drills in the Taiwan Strait, and the parallel conflict in Ukraine ignited the recent flare-up, with political and economic consequences.

Cyberattacks have long played a role in the Taiwan conflict, as a cheaper and less politically dangerous instrument than conventional force. Cyber espionage is often deployed by the more powerful side against its adversary, as is the case in Taiwan.

“Cyberwarfare is an attractive option for a number of nation-states as it lets them target their adversaries without escalating to a ‘shooting war,'” says Mike Parkin, Senior Technical Engineer at Vulcan Cyber.

In January 2023, Trellix observed a 30-fold increase in extortion emails sent to Taiwanese officials. It is uncertain whether this activity comes from China-backed threat actors, but it speaks to a continued increase in attacks targeting Taiwan.

Organizations should take proactive measures to protect themselves as there is no indication that the cyber campaigns against Taiwan and its economy will slow down any time soon, says Trellix. “In most cases, the things we do to counter common cybercriminals are the same things we should be doing to counter nation-state attacks: training users, up-to-date patches, secure configurations, etc.,” says Parkin.

However, state-level threats have more resources, can deploy more sophisticated malware and more targeted phishing, and have the time and energy to stay persistent, which makes it crucial for organizations to have their security stack at least at that baseline, Parkin warns.
