Cyber experts say government entities in Taiwan have faced much higher cyberthreats than usual over the past few days. The tensions between China and the United States are obviously not foreign to this.
As Taipei claims that Beijing is preparing an invasion of its territory and that the political situation is more tense than ever in the area, the Taiwanese authorities indicate that the government and the presidential administration have been victims of cyber threats of high importance on August 2, from computer attackers. At the same time, Speaker of the United States House of Representatives Nancy Pelosi was visiting Taiwan, rekindling Sino-American tensions.
A peak of detections recorded on July 29, before attacks against various major infrastructures and services in Taiwan
Trellix, a benchmark in cybersecurity born from the merger between McAfee and FireEye, has studied the situation closely and tells us that it observed a peak in detections during the day of July 29, 2022. On that day, the company noted 32,000 detections, compared to 9,000 to 17,000 usually.
” Part of the detections noted between July 29 and August 6, 2022 were directed against Taiwan government entities says Trellix’s Principal Security Researcher, Anne An. hostile to China.
The most recent development dates from August 3. According to Trellix, a group of Chinese hackers, known as APT27 (which would be different from the group actually named APT27, better known as Emissary Panda), announced on social networks a major cyber operation against Taiwan’s government departments, infrastructure and business organizations.
Hackers smother Taiwan, China collects data
On August 7, this notorious APT27 group claimed responsibility for a whole series of computer attacks carried out against the presidential office of Taiwan, the Taiwan Power Company (local EDF), the National Police Agency and the administration of highways of the island. . ” The group also threatened to leak government information and publicize vulnerabilities in Taiwanese network devices and equipment. adds Anne An.
The situation is all the more tense as APT27 continued its communication the next day (August 8) and declared that it had taken control of more than 200,000 Internet-connected devices in Taiwan. The group added that this action would allow it to exploit these networks to potentially launch even more damaging and destructive attacks.
Trellix reveals that Chinese cybercriminal networks have collected a huge amount of personal data from many Taiwanese universities, hospitals, government organizations and companies. ” This information could be used to facilitate targeted attacks as well as to launch fraud, phishing and cyber espionage “Warns the firm, which also fears ransomware-type attacks.
In any case, we can note similarities between what Trellix observes in Taiwan and what has been observed in Ukraine, with a spike in malicious activity that could constitute the beginnings of an offensive action by the State.
3