Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks
19.5.23 BigBrothers The Hacker News
The rising geopolitical tensions between China and Taiwan in recent months have sparked a noticeable uptick in cyber attacks on the East Asian island country.
"From malicious emails and URLs to malware, the strain between China's claim of Taiwan as part of its territory and Taiwan's maintained independence has evolved into a worrying surge in attacks," the Trellix Advanced Research Center said in a new report.
The attacks, which have targeted a variety of sectors in the region, are mainly designed to deliver malware and steal sensitive information, the cybersecurity firm said, adding it detected a four-fold jump in the volume of malicious emails between April 7 and April 10, 2023.
Some of the most impacted industry verticals during the four-day time period were networking, manufacturing, and logistics.
What's more, the spike in malicious emails targeting Taiwan was followed by a 15x increase in PlugX detections between April 10 and April 12, 2023, indicating that the phishing lures acted as an initial access vector to drop additional payloads.
PlugX, a remote access trojan spotted in the wild since 2008, is a Windows backdoor that has been put to use by numerous Chinese threat actors to control victim machines. It's also known for employing DLL side-loading techniques to fly under the radar.
"This technique consists of a legitimate program loading a malicious dynamic link library (DLL) file that masquerades as a legitimate DLL file," Trellix researchers Daksh Kapur and Leandro Velasco said.
"This allows the execution of arbitrary malicious code bypassing security measures that look for malicious code running directly from an executable file."
Besides PlugX, Trellix said it also identified other malware families such as the Kryptik trojan as well as stealers like Zmutzy and FormBook targeting the nation.
That's not all. Some of the socially engineered messages contained links to seemingly innocuous login pages that mimic legitimate brands, including DHL, in an attempt to trick users into entering their credentials.
"In the past few years, we noticed that geopolitical conflicts are one of the main drivers for cyber attacks on a variety of industries and institutions," Joseph Tal, senior vice president of the Trellix Advanced Research Center, said.
"Monitoring geopolitical events can help organizations to predict cyber attacks in countries they operate in."