Cyber attacks have increasingly become a tool for geopolitical aggression, as countries around the world invest in cyber capabilities to augment their military and political strength. In recent months, the longstanding diplomatic standoff between China and Taiwan seems to have spilled over into cyberspace, with incidents of cyber attacks against Taiwan surging to alarming levels. This article examines the details of the rising cyber attacks on Taiwan and the implications of these developments for cybersecurity operations.
Targeted Sectors and Objectives of Cyber Attacks in Taiwan
Taiwan is a burgeoning high-tech hub and a strategic military ally of the United States, and it is no surprise that Beijing views Taiwan’s achievements with suspicion. Recent cyberattacks on Taiwan have been aimed at multiple sectors, including logistics, manufacturing, and networking. These attacks have attempted to steal sensitive information and compromise networks through malware-laden messages and social engineering tactics.
Detection of Malicious Emails: Increase in Volume as of April 2023
One of the most striking indicators of the upswing in cyber attacks on Taiwan is the volume of malicious emails detected by various cybersecurity firms. According to Trellix, a cybersecurity company, the volume of malicious emails detected on the island increased fourfold between April 7 and April 10, 2023. This indicates a coordinated and sustained series of attacks by actors believed to be linked to Chinese state-sponsored cyber operations.
Industries affected by cyber attacks in Taiwan
The increased volume of malicious emails targeting Taiwan has been paralleled by a spike in the detection of PlugX, a remote access Trojan (RAT) that has been employed by various Chinese threat actors to gain control of targeted systems. According to Trellix, PlugX detections increased by a factor of 15 between April 10 and April 12, 2023. Industries impacted by these cyber attacks include logistics, manufacturing, and networking, with significant implications for supply chain management, production, and communication.
Surge in PlugX Detections: Trend in April 2021
PlugX is a RAT that has been on the cyber threat radar since 2008. It allows an attacker to gain complete access to the victim’s machine, enabling the attacker to execute commands, steal data, and maintain persistent control. The sudden surge in PlugX detections suggests that Chinese threat actors may be ramping up their cyber capabilities in a bid to exert greater influence over Taiwan.
Overview of PlugX: a Remote Access Trojan and Chinese Threat Actor Tool
PlugX is not a novel tool, but it remains a potent and widely used malware by Chinese threat actors. It is distributed via spam emails, malicious attachments, and websites, and it targets Windows operating systems. PlugX is difficult to detect and remove, and its multifunctional capabilities make it a popular choice for cyber espionage and targeted attacks.
Other identified malware families targeting Taiwan are Kryptik, Zmutzy, and FormBook
PlugX is not the only malware targeting Taiwan. Trellix reports that it has also identified the Kryptik Trojan, which is used to steal data and execute commands, and stealers like Zmutzy and FormBook, which are designed to steal login credentials and other sensitive information. Together, these malware families pose a significant threat to Taiwan’s cybersecurity operations and integrity.
Social engineering tactics used in cyber attacks in Taiwan include phishing emails and fake login pages
Social engineering tactics continue to be a favorite tool in the hackers’ toolbox, and cyber attacks on Taiwan are no exception. Hackers have employed numerous tactics, including phishing emails that pose as legitimate messages, fake login pages that mimic real brands, and other methods of deception to lure unsuspecting users into revealing their login credentials. In particular, bait messages claiming to be from DHL have been used to target Taiwanese businesses and individuals.
Importance of geopolitical monitoring in cybersecurity operations
The rise of cyber attacks on Taiwan emphasizes the importance of geopolitical monitoring in cybersecurity operations. Security companies and government agencies need to track and analyze the complex web of relations, interests, and tensions that underpin international politics and cybersecurity in order to anticipate cyber attacks and devise more effective cybersecurity measures to counter them.
The recent surge in cyberattacks on Taiwan highlights the need for heightened vigilance and innovative cybersecurity solutions in the face of geopolitical conflicts. The increasing weaponization of cyberspace underscores the need for greater investment in cybersecurity capacity and coordination between security agencies and private companies. While the situation in Taiwan is concerning, it is part of a larger trend that has seen cyberattacks become an increasingly popular tactic in political and military conflicts worldwide.