Taiwan Targeted In Espionage Campaign

Uploaded on 2024-07-02 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

Chinese state-sponsored hackers have been targeting dozens of organisations in Taiwan, including universities, state agencies, electronics manufacturers and religious organisations, according to new  research. At least 75 government, technology, and academic organisations across Taiwan have been targeted for reconnaissance as part of a cyber espionage operation.

The hacking group, known as RedJuliett, is likely interested in Taiwan’s economic policies and diplomatic relations with other countries, according to analysts from Recorded Future’s Insikt Group.

RedJuliett exploited vulnerabilities in Internet-facing appliances, such as firewalls and virtual private networks (VPNs), to compromise its targets, which included tech firms, government agencies and universities, Recorded Future said.

RedJuliett, also known as Flax Typhoon, was first identified by Microsoft in 2023 but has been active since mid-2021, predominantly targeting Taiwan.

“Microsoft has observed a distinctive pattern of malicious activity almost exclusively affecting organisations in Taiwan using techniques that could be easily reused in other operations outside the region and would benefit from broader industry visibility. Microsoft attributes this campaign to Flax Typhoon (overlaps with ETHEREAL PANDA), a nation-state actor based out of China,” according to Microsoft.

In another espionage campaign observed between December 2023 and April 2024 by Insikt Group, the group conducted reconnaissance or attempted exploitation of Taiwanese organisations, along with other targets  in Hong Kong, Malaysia, Laos, the Philippines, South Korea, Kenya, Rwanda, Djibouti and the US.

In Taiwan, which faces ongoing sovereignty threats from China, the group shows an interest in technology companies, including those involved in the development of optoelectronics, facial recognition and semiconductors. The hackers' targets also include aerospace companies that have contracts with the Taiwanese military, computing industry associations and religious organisations.

RedJuliett is known for exploiting Internet-facing devices such as firewalls, load balancers, and enterprise VPNs for initial access

Like many other Chinese threat actors, the group is likely targeting vulnerabilities in these devices because they have limited visibility and security solutions available, and targeting them has proven to be an effective way to scale initial access, researchers said.

According to the Inskit report, RedJuliett likely operates from Fuzhou, the capital of Fujian province in China, which is relatively close to Taiwan.  RedJuliett will “almost certainly” continue to conduct high-tempo cyber-espionage operations with a focus on Taiwanese technology, government, educational, and think tank organisations, according to Insikt Group.

“We also anticipate that Chinese state-sponsored groups will continue to focus on conducting reconnaissance against and exploiting public-facing devices, as this has proved a successful tactic in scaling initial access against a wide range of global targets,” researchers added.

Attacks by RedJuliett have also successfully compromised two dozen entities around the world, including government organisations in Kenya, Laos, and Rwanda, during the same period, an analysis from Recorded Future's Insikt Group showed.

Recorded Future     |     Microsoft     |     Al Jazeera     |     SC Media     |     The Hacker News   |   The Record    

Image: Ideogram

You Might Also Read: 

China Is Predicted To Expand Its Cyber Espionage Operations:  

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Preparing For A South China Sea Cyber Storm
Hacker Responsible For Wiper Malware Identified »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

vArmour

vArmour

vArmour is the industry’s first distributed security system that provides insight and control for multi-cloud environments.

PrimaTech

PrimaTech

PrimaTech provide process safety, cyber and process security, and risk management consulting, training and software for the process industries.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

CyberTrap

CyberTrap

CyberTrap is an advanced highly-interactive deception technology allowing real-time analysis and control of security breaches.

Zettaset

Zettaset

Zettaset’s XCrypt Data Encryption Platform delivers proven protection for Object, Relational/SQL, NoSQL, and Hadoop data stores…in the cloud and on-premises.

GV (Google Ventures)

GV (Google Ventures)

GV provides venture capital funding to bold new companies in the fields of life science, healthcare, artificial intelligence, robotics, transportation, cyber security and agriculture.

SecondWrite

SecondWrite

SecondWrite’s next-generation malware detection engine delivers a combination of automatic deep code inspection and accurate scoring of zero-day malware.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

CYSIAM

CYSIAM

CYSIAM provides world-leading expertise in offensive security and critical incident response. We train our clients to be able to protect themselves and respond to attacks and breaches when they occur.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.

CyberEPQ

CyberEPQ

CyberEPQ (Cyber Extended Project Qualification) is the UK’s first and only Extended Project Qualification in Cyber Security.

Hudson Rock

Hudson Rock

Hudson Rock’s products — Cavalier & Bayonet — are powered by our cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.

TELUS

TELUS

TELUS provide Canadian businesses with the services and solutions they need to securely thrive in a digital world. Partner with a cybersecurity leader you can rely on.

Archipelo

Archipelo

At Archipelo, we empower organizations with Developer Security - to increase software security and compliance throughout the development lifecycle.