China-backed hackers step up spying on Taiwan: security firm

Recorded Future said cyberespionage targeting Taiwan has intensified with a focus on its technology industry.

Suspected Chinese state-sponsored hackers have intensified cyber-espionage activities against Taiwanese targets since late last year, with a particular focus on its technology sector, an online security company said in a new report.

U.S. cybersecurity company Recorded Future said RedJuliett – a “likely Chinese state-sponsored group” – has conducted a campaign to collect intelligence on government, academic, technology, and diplomatic organizations in Taiwan over the six months from last November.

The RedJuliett campaign likely aimed to "support Beijing's intelligence collection on Taiwan's economic and diplomatic relations, as well as critical technology development," Insikt Group, a team of researchers from Recorded Future, said in the report.

The hacking group likely operates from Fuzhou, the capital of southeastern China’s Fujian province, according to the researchers. Fujian is on the west of the Taiwan Strait and is the closest Chinese province to Taiwan.

Insikt added RedJuliette “exploited known vulnerabilities in network edge devices such as firewalls, virtual private networks (VPNs), and load balancers for initial access.”

The hacking group, believed to be active since at least mid-2021, also used the aliases Flax Typhoon and Ethereal Panda.

RedJuliett conducted network reconnaissance or attempted exploitation of more than 70 Taiwanese organizations, including representative offices overseas.

“Within Taiwan, we observed RedJuliett heavily target the technology industry, including organizations in critical technology fields,” the cybersecurity company said.

RedJuliett conducted vulnerability scanning or attempted exploitation against a semiconductor company and two Taiwanese aerospace companies that have contracts with Taiwan’s military, as well as eight electronics manufacturers, two universities focused on technology, an industrial embedded systems company, a technology-focused research and development institute, and seven computing industry associations.

Besides Taiwan, the group also expanded its operations to compromise organizations in Hong Kong, Malaysia, Laos, South Korea, the United States, Djibouti, Kenya, and Rwanda, according to the U.S. firm.

China’s ‘destabilizing’ actions

When asked about the Recorded Future report, Chinese foreign ministry’s spokesperson Mao Ning said she was not aware of it.

Mao, however, said that the U.S. firm has “fabricated disinformation” about China in the past.

International security companies have warned against multiple hacking campaigns linked to the Chinese state and targeting foreign governments and organizations.

China has repeatedly denied any involvement.

Beijing considers the self-governed Taiwan a Chinese province that should be reunified with the mainland, by force if needed.

Last Friday, China warned that supporters of independence for Taiwan could be tried in absentia and sentenced to death for "splitting the country."

The U.S. on Monday condemned China’s “escalatory and destabilizing language and actions” against Taiwan.

State Department spokesperson Matthew Miller told a press briefing that threats and legal warfare "will not achieve peaceful resolution to cross-strait differences."

“We continue to urge restraint and no unilateral change to the status quo. And we urge the PRC to engage in meaningful dialogue with Taiwan,” Miller said, referring to China by its official name the People’s Republic of China.

Edited by Taejun Kang.