With geopolitical tensions and a trade war acting as a backdrop, China-led cyberattacks on Taiwan are rising sharply, according to multiple security reports.
In the latest report about alleged China-sponsored cyberattacks on Taiwan, Kate Morgan, a senior engineering manager in Google's Threat Analysis Division, told Bloomberg that Google is tracking close to 100 hacking groups out of China. The malicious groups are attacking a wide spectrum of organizations, including the government, private industry players and defense organizations.
A spike in cyberattacks originating from China was also reported by Microsoft. A “nation-state” hacking group referred to as Flax Typhoon, believed to be active since 2021 and based in China, has targeted a range of Taiwanese organizations in telecom, education, energy, and information technology, according to a Microsoft Security blog post in August
"Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks," the Microsoft blog said.
The hacking group’s behavior and targets suggest that it is performing espionage, Microsoft said. Though Flax Typhoon uses a number of hacking tools, it relies mainly on living-off-the-land techniques, and makes initial inroads into systems by taking advantage of vulnerabilities in web-connected servers using web shells like China Chopper, Microsoft said.
In adition, a recent Fortinet study cited widely in media reports revealed that the cybersecurity company detected as many as 15,000 cyberattacks per second on Taiwan in the first half of the current year. This marked an increase of 80% compared to the same period in 2022. Common techniques were distributed denial-of-service attacks (DDoS) and use of DoublePulsar, a backdoor implant tool developed by the US National Security Agency.
Geopolitical tensions shadow attacks on Taiwan
Geopolitics act as a backdrop behind the increasing number of cyberattacks on Taiwanese infrastructure. Relationships between Taiwan and China worsened after Nancy Pelosi, then speaker of the US House of Representatives, visited Taiwan in August 2022. Earlier this year, there were concerns that China would invade Taiwan in the wake of worsening ties with the US, which backs Taiwan. China views Taiwan as part of its territory, though it has been independent since 1949 and has a separate, democratically elected government.
A semiconductor trade war is also a factor in the deteriorating ties between the US and China. Nearly 92% of the world's advanced semiconductors with nodes below 10 nanometers are manufactured in Taiwan, making it crucial to the global economy. Any disruption in manufacturing can result in a global shortage.
Last year, the US announced restrictions on selling advanced chips to China, which retaliated by limiting the export of Gallium and Germanium, a key component in chip production. Recently, the US came up with additional restrictions on exports of semiconductors and chip-making equipment to China.
In a recent interview with the New York Times, Taiwan's President, Tsai Ing-wen, said that China is too "overwhelmed" with its "internal economic, financial as well as political problems" to invade Taiwan. Nevertheless, tensions between China and the US, as well as between China and Taiwan, are not likely to end soon, and companies with business in Taiwan or China should take note, experts say.
Defending against techniques used by nation-state actors “begins with vulnerability and patch management, particularly on systems and services exposed to the public internet,” Microsoft said in its blog. “The credential access techniques used can also be mitigated with proper system hardening.”
No comments:
Post a Comment