Escalating China-Taiwan Tensions Triggering a Worrying Surge in Cyber Attacks
The increase in geopolitical tensions between China and Taiwan in recent months has sparked a marked rise in cyber attacks on the East Asian island nation.
“From malicious emails and URLs to malware, the tension between China’s claims to Taiwan as part of its territory and Taiwan’s defended independence has grown into a worrying wave of attacks,” the Trellix Advanced Research Center said in a new report.
The attacks, which targeted various sectors in the region, were primarily designed to deliver malware and steal sensitive information, the cybersecurity firm said, adding that it detected a fourfold spike in the volume of malicious emails between April 7 and April 10, 2023.
Some of the industry verticals most affected during the four-day time period were networking, manufacturing and logistics.
What’s more, the spike in malicious emails targeting Taiwan was followed by a 15x increase in PlugX detections between April 10 and April 12, 2023, indicating that the phishing lures act as initial access vectors used to drop additional payloads.
PlugX, a remote access trojan found in the wild since 2008, is a Windows backdoor that has been used by many Chinese threat actors to take control of victims’ machines. It is also known for using the DLL side-loading technique to fly under the radar.
“This technique consists of a legitimate program loading a malicious dynamic link library (DLL) file disguised as a legitimate DLL file,” said Trellix researchers Daksh Kapur and Leandro Velasco.
“This allows arbitrary execution of malicious code bypassing security measures that look for malicious code running directly from an executable file.”
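The side-loading pattern the researchers describe leaves a detectable trace: a DLL carrying the name of a system library but loaded from a non-system directory by an otherwise legitimate, signed executable. The following is an added example (not code from the Trellix report or from this article) of that detection heuristic run over constructed image-load events; the field names and sample paths are assumptions for illustration.

```python
# Added example, not from the Trellix report: flag probable DLL side-loading
# from parsed image-load events (the shape a Sysmon Event ID 7 record takes
# after parsing). Field names and sample paths are assumptions.
import ntpath

# Illustrative subset of DLL names Windows ships in System32. A copy of one of
# these loading from anywhere else is the classic side-loading signal.
SYSTEM_DLLS = {"version.dll", "dwmapi.dll", "cryptbase.dll", "wtsapi32.dll"}
SYSTEM_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)


def is_side_load_candidate(event: dict) -> bool:
    """True when a System32-named DLL is loaded from a non-system directory
    by a signed (apparently legitimate) host process and the DLL itself is
    not validly signed."""
    image = event["image_loaded"].lower()
    if ntpath.basename(image) not in SYSTEM_DLLS:
        return False
    if image.startswith(SYSTEM_DIRS):
        return False  # loaded from where it belongs
    # Signed host + unsigned look-alike DLL is the strongest combination.
    return bool(event.get("process_signed")) and not event.get("dll_signed", False)


def find_side_loads(events):
    """Return the subset of events that match the side-loading heuristic."""
    return [e for e in events if is_side_load_candidate(e)]


# Constructed sample events for demonstration only.
SAMPLE_EVENTS = [
    {"process": "C:\\Program Files\\Vendor\\app.exe", "process_signed": True,
     "image_loaded": "C:\\Windows\\System32\\version.dll", "dll_signed": True},
    {"process": "C:\\Users\\alice\\AppData\\Local\\Temp\\update\\app.exe",
     "process_signed": True,
     "image_loaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\update\\version.dll",
     "dll_signed": False},
    {"process": "C:\\Users\\alice\\Downloads\\tool.exe", "process_signed": False,
     "image_loaded": "C:\\Users\\alice\\Downloads\\helper.dll", "dll_signed": False},
]

if __name__ == "__main__":
    for hit in find_side_loads(SAMPLE_EVENTS):
        print("possible DLL side-loading:", hit["process"], "->", hit["image_loaded"])
```

Only the second event fires: the legitimately placed version.dll and the unsigned, unrelated helper.dll are both left alone.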
Apart from PlugX, Trellix also identified other malware families such as the Kryptik trojan, as well as stealers like Zmutzy and FormBook, targeting the nation.
“In recent years, we’ve seen that geopolitical conflict is one of the main drivers of cyber attacks across a variety of industries and institutions,” said Joseph Tal, senior vice president of the Trellix Advanced Research Center.
“Monitoring geopolitical events can help organizations predict cyber attacks in the countries where they operate.”