Suspected Chinese Hackers Hit Taiwanese Research Center

By | August 2, 2024

A hacking group believed to be linked to the Chinese government stole passwords and documents from a Taiwanese government-affiliated research center that specializes in computing, cybersecurity researchers at Cisco Systems Inc. said Thursday.

The attackers used a kind of malicious software tool that’s almost entirely used by China-based groups, after they gained access to the unnamed research center as early as July 2023, Cisco’s Talos threat intelligence group said in a report shared exclusively with Bloomberg News. Based on that and other techniques, Cisco believes with “moderate confidence” that the hackers are part of a state-sponsored espionage group called APT41, which US officials have linked to China’s Ministry of State Security.

The attack highlights the threat that suspected Chinese cyberattacks pose to Taiwan, the island that’s been the source of escalating tension between the US and China. China claims the island as part of its territory and has vowed to bring it under control. The government in Beijing has long denied any involvement in malicious hacking.

The Chinese Embassy in Washington didn’t return a message seeking comment.

Cyber espionage has become a powerful tool in China’s toolset as it pursues its geopolitical aims, cybersecurity experts say. Recently leaked documents indicate that China-sponsored hackers have compromised high-value geopolitical targets.

In the intrusion at the Taiwanese research center, the attackers deployed an outdated version of Microsoft Corp.’s Office product to facilitate the breach and help to hide their access, said Vitor Ventura, a Talos security researcher. The researchers haven’t determined how the group breached the research center, and they declined to say how much data was stolen during the attack, which lasted 11 days. They also declined to identify the research center by name.

Cybersecurity experts at Alphabet Inc.’s Google last year said they observed a “massive increase” in Chinese cyberattacks on Taiwan. Meanwhile, Taiwan called on experts from the US Treasury Department and American cybersecurity firms to help prepare for more aggressive cyberattacks from Beijing.

APT41, the group tied to the recent hack, is believed to be a Chengdu, China-based hacking group that was accused of compromising at least six US state governments and stealing tens of millions of dollars in US COVID-19 relief funds. A federal grand jury in 2020 indicted alleged hackers tied to the group and accused them of targeting more than 100 victims.

Photograph: A Chinese flag flies at Tiananmen Square in Beijing, China, on Wednesday, July 10, 2024. Photo credit: Na Bien/Bloomberg
