A hacker group with suspected ties to the Chinese government has reportedly conducted over 85 cyber-espionage attacks on Taiwan-based organizations, according to a new report from intelligence firm Insikt Group, though not all of the attempts were successful.Insikt says RedJuliett, also known as Flax Typhoon, is operating from Fuzhou, China, and is presumably conducting its attacks to gain knowledge of Taiwan’s government, trade, and technologies. “Fuzhou falls within the PLA Eastern Theater Command, which heavily focuses on targeting Taiwan,” the report states.The tracked incidents all took place between November 2023 and April 2024. RedJuliett reportedly uses SoftEther VPN software and primarily exploits known vulnerabilities in VPNs, firewalls, and load balancers to gain access to various universities, companies, and government institutions. The group also used structured query language (SQL) injection and directory traversal exploits (HTTP exploits) to gain access to data.Once attackers gained access to a compromised server, they used the “China Chopper” web shell and were able to remotely execute code. They also used open-source tools like JuicyPotato and BadPotato, Insikt reports. The group hasn’t just targeted Taiwan, however. It’s also been tied to an unspecified US cyberattack and over half a dozen attacks on other countries in Asia, including South Korea and a handful of countries in Africa. Insikt notes that two dozen organizations were compromised globally in a six-month period, including government entities in Taiwan, Laos, Kenya, and Rwanda. Microsoft documented Flax Typhoon’s existence and ties to China in August, noting that the group appeared focused on attacking organizations in Taiwan. Chinese hacking groups more broadly have also attacked US government agencies, and even firms like Fortinet and Microsoft itself. Insikt’s investigation did not specify whether there is any connection between Flax Typhoon and another Chinese hacking group dubbed Volt Typhoon, which also uses “living off the land” techniques to conduct its attacks. It also didn’t name which specific companies, government agencies, or universities it believes were compromised.
Recommended by Our Editors
“Within Taiwan, we observed RedJuliett heavily target the technology industry, including organizations in critical technology fields. RedJuliett conducted vulnerability scanning or attempted exploitation against a semiconductor company and two Taiwanese aerospace companies that have contracts with the Taiwanese military,” Insikt said. Taiwan has a substantial tech industry and is home to Taiwan Semiconductor Manufacturing Corp. (TSMC), one of the biggest chip manufacturers in the world, as well as other tech firms like Quanta and Framework. Last month, Bloomberg reported that TSMC and ASML, another tech firm producing chips in Taiwan, could shut down their manufacturing if China invaded Taiwan.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
