Rising China-Taiwan Tensions Ignite Sharp Increase in Cyber Attacks

May 18, 2023
Cyber Warfare / Threat Intelligence

Recent geopolitical strains between China and Taiwan have led to a significant rise in cyber attacks targeting the island nation. According to a report from the Trellix Advanced Research Center, “The conflict stemming from China’s claim over Taiwan, combined with Taiwan’s push for independence, has resulted in a troubling escalation of cyber threats.” These attacks, aimed at various sectors, primarily focus on deploying malware and stealing sensitive data. The cybersecurity firm noted a staggering four-fold increase in malicious emails between April 7 and April 10, 2023, with sectors such as networking, manufacturing, and logistics being particularly affected. Following this surge, the region saw a 15x spike in PlugX detections between April 10 and April 12, 2023.

Rising China-Taiwan Tensions Ignite Surge in Cyber Attacks

May 18, 2023

Recent months have witnessed a significant escalation in tensions between China and Taiwan, resulting in a marked increase in cyber attacks aimed at the East Asian island nation. According to a new report from the Trellix Advanced Research Center, the ongoing geopolitical strife—rooted in China’s assertion of sovereignty over Taiwan versus Taiwan’s long-standing pursuit of independence—has manifested in a troubling spike in cyber threats.

The comprehensive analysis indicates that a wide range of malicious tactics has been deployed against various sectors within Taiwan, including networking, manufacturing, and logistics. The primary objectives of these attacks are to inject malware and exfiltrate sensitive information. Notably, Trellix reported a staggering four-fold rise in the volume of malicious emails within a short span from April 7 to April 10, 2023, highlighting the urgency of the situation.

Following this initial surge in email-based attacks, a further escalation was identified between April 10 and April 12, 2023, marked by a 15-fold increase in the detection of PlugX—a type of remote access Trojan commonly associated with advanced persistent threats. This continued escalation underscores not only the strategic targets chosen by attackers but also their potential intent behind such calculated onslaughts.

From a cybersecurity perspective, the tactics utilized in these cyber attacks align with various techniques outlined in the MITRE ATT&CK framework. Initial access likely includes spear phishing and exploitation of known vulnerabilities, methods frequently observed in cyber engagements involving espionage or information theft. Once inside, attackers may employ persistence techniques to maintain access, while privilege escalation maneuvers could allow them to maneuver deeper within the targeted networks.

The stakes involved are exceedingly high for businesses operating in Taiwan or those with connections to the region, as the fallout from such cyber incidents can lead to data breaches and significant operational disruptions. Understanding the nature of these threats, alongside the tactics used, is crucial for organizations aiming to bolster their cybersecurity frameworks amidst this evolving landscape.

In conclusion, as the geopolitical climate continues to strain, the rise in cyber attacks serves as a stark reminder for business owners to reassess their cybersecurity measures. Preparing for potential breaches and understanding the tactics employed by adversaries is essential in safeguarding digital assets and maintaining operational integrity.

Source link

Related Posts

Beware the ZIP File: Phishers Exploit .ZIP Domains to Deceive Victims

May 29, 2023
Cyber Threat / Online Security

A new phishing technique dubbed “file archiver in the browser” is being used to imitate file archiver software, such as WinRAR, within web browsers when victims visit a .ZIP domain. Security researcher mr.d0x revealed that this phishing attack involves creating a realistic landing page using HTML and CSS to mimic genuine file archive software, hosted on a .ZIP domain to enhance its legitimacy.

In a typical attack, cybercriminals can redirect users to a credential theft page when they click on a file that appears to be included within the fake ZIP archive. Another alarming tactic involves listing a harmless non-executable file, only for the actual download to be an executable file instead, as noted by mr.d0x…

Dark Pink APT Group Utilizes TelePowerBot and KamiKakaBot in Complex Campaigns

On May 31, 2023, it was reported that the Advanced Persistent Threat (APT) group known as Dark Pink has launched five new attacks targeting various organizations in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. The targets include educational institutions, government agencies, military organizations, and non-profit entities, highlighting the group’s ongoing focus on high-value assets. Also referred to as the Saaiwc Group, Dark Pink is believed to originate from the Asia-Pacific region, primarily directing its attacks towards East Asia, with some activity observed in Europe. The group employs a variety of custom malware tools, including TelePowerBot and KamiKakaBot, to facilitate the exfiltration of sensitive data from compromised systems. “The group uses a range of sophisticated custom tools and deploys multiple kill chains, often leveraging spear-phishing emails,” noted Andrey Polovinkin, a security researcher at Group-IB, in a technical report.

Cyclops Ransomware Group Unveils Go-Based Info Stealer for Cybercriminals

Threat actors associated with the Cyclops ransomware have been identified promoting malware designed to steal sensitive information from compromised systems. According to a recent report by Uptycs, the group markets its offerings on forums, seeking a share of profits from those using its tools for malicious activities. Cyclops ransomware is particularly notable for its ability to target major desktop operating systems, including Windows, macOS, and Linux, while also terminating any processes that might hinder encryption. The macOS and Linux versions are developed in Golang, utilizing a sophisticated encryption method that combines both asymmetric and symmetric techniques. The Go-based info stealer targets Windows and Linux systems, gathering critical data such as operating system details, computer name, and other specifications.

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021

Jun 08, 2023
Ransomware / Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about the ongoing exploitation of a newly identified critical flaw in Progress Software’s MOVEit Transfer application, which is being used to deploy ransomware. “The Cl0p Ransomware Group, also known as TA505, reportedly began taking advantage of an undisclosed SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) solution,” the agencies noted. “Internet-facing MOVEit Transfer web applications were compromised with a web shell called LEMURLOOT, which was then utilized to extract data from the underlying databases.” This notorious cybercrime group has also issued a deadline to several affected organizations, demanding contact by June 14, 2023, or they risk having their stolen information disclosed. Microsoft is monitoring this activity under the name Lace Tempest (also known as Storm).