Cyber Espionage Actions on the Rise amid China–Taiwan Tensions
The recent political tensions between China and Taiwan have led to a surge in cyber espionage attacks against organizations in Taiwan, according to recent research by Trellix. Between April 7 and 10 of this year, the company cited a fourfold rise in phishing emails targeting Taiwanese companies, with the networking/IT, manufacturing, and logistics sectors being the most impacted. The phishing emails followed different archetypes, including fake shipment updates from DHL, fake orders for bulk cement, and fake payment overdue notifications. Some of the emails contained malicious attachments, while others had links to fake login pages designed to harvest credentials.
The researchers from Trellix also reported a significant increase in the number of instances of PlugX, a decade-old remote access Trojan that is common among Chinese state-linked threat actors. PlugX is notable for its stealthiness, using DLL sideloading to evade Windows security measures and run arbitrary code on a target machine. Some of the other malware families spotted in attacks against Taiwan include Zmutzy, a Trojan written in .NET, and Formbook, an infostealer-as-a-service with downloader capabilities.
Patrick Flynn, the head of commercial threat intelligence at Trellix, said that the majority of the attacks appear to be nation-state-sponsored, with about 40% of them targeting Taiwan officials and agencies.
Cyberattacks in the China–Taiwan Conflict
The conflict between China and Taiwan has been ongoing for 75 years, with China claiming sovereignty over Taiwan. Recently, tensions have increased following diplomatic meetings between American and Taiwanese officials, Chinese military drills in the Taiwan Strait, and the parallel conflict in Ukraine. Cyberattacks have historically played a role in the Taiwan conflict, with cyber warfare being considered a less politically dangerous way for the more powerful side to target their adversary.
Mike Parkin, a senior technical engineer at Vulcan Cyber, said, “Cyberwarfare is an attractive option for a number of nation states, as it lets them target their adversaries without escalating to a ‘shooting war.’” In January 2023, for example, Trellix observed a 30-fold increase in extortion emails sent to Taiwanese officials. “Though it’s unclear if this activity is from China-backed threat actors, it speaks to a continued increase in attacks specifically targeting Taiwan,” the researchers explained.
Defending Against Nation-State Cyber Threats
Based on the research, there is no indication that cyber campaigns against Taiwan and its economy will slow down any time soon. Organizations are, therefore, under pressure to defend themselves against the growing threats. Mike Parkin suggests that “the things we do to counter common cybercriminals are the same things we should be doing to counter nation-state attacks: training users, up-to-date patches, secure configurations, etc.” However, he warns that “state-level threats are likely to have more resources and can deploy more sophisticated malware, more targeted phishing attacks, and they have the time and energy to stay persistent.” Therefore, “facing threats like that makes it even more important for us to have our security stack at least to baseline.”
Editorial
The recent rise in cyber espionage attacks targeting Taiwanese companies is a concerning trend. The use of sophisticated tactics by state-sponsored threat actors signifies a new level of cyber warfare that threatens not only Taiwanese companies, but also the wider Asia-Pacific region. The fact that cyber attacks can be carried out anonymously makes them particularly attractive to nation-state actors. As governments, organizations, and individuals become increasingly connected through technology, it is vitally important that we take cybersecurity seriously to mitigate the risks of these malicious actions.
Advice
- Ensure that your cybersecurity defenses are up to date, with all software and firmware regularly patched and updated to plug any known vulnerabilities.
- Employee awareness and training programs are essential in reducing the risks posed by phishing emails and other social engineering tactics used by threat actors.
- Implementing multi-factor authentication will help reduce the risk of credential theft, and proper configuration and segmentation of networks will help contain breaches and slow the spread of malware.
- Partnering with reputable third-party security providers can bring a significant level of expertise to an organization in identifying and responding to attacks.