Taiwan government-backed research organization targeted by APT41 hackers


A Taiwanese government-affiliated research institute working on sensitive technologies was breached by one of China’s most infamous hacking operations, researchers said Thursday. 

The organization, which was not named, was attacked in a campaign that started as early as July 2023, according to a new report from Cisco Talos. The researchers said the victim “specializes in computing and associated technologies.” 

“The nature of research and development work carried out by the entity makes it a valuable target for threat actors dedicated to obtaining proprietary and sensitive technologies of interest to them,” the researchers said. Taiwan is a global leader in areas such as semiconductors.

Cisco Talos attributed the campaign to APT41 — a China-based group indicted by the Justice Department in 2020 for using ransomware and other tools to attack more than 100 companies and governments around the globe.

Five Chengdu-based members of the group — Zhang Haoran, Tan Dailin, Jiang Lizhi, Qian Chuan and Fu Qiang — are wanted by the FBI and would face decades in prison for dozens of intrusions, including several software supply chain attacks.

Cisco Talos said it was able to tie the attack on the Taiwanese government-affiliated research institute to APT41 based on specific kinds of malware, tactics and open-source tools used. The hackers deployed the ShadowPad malware — a hallmark of China-based hackers — and several additional tools were written in Simplified Chinese.

The researchers were not able to determine how the group first gained access to the victim’s network but said the hackers compromised at least three devices and were “able to exfiltrate some documents from the network.”

The hackers used backdoors and compression tools to exfiltrate a large number of files. 

The members of APT41 have been implicated in both criminal and nation-state attacks. APT41 is well-known for targeting government organizations for intelligence gathering and private enterprises for financial gain.

APT41 has also been implicated in several cyber incidents involving Southeast Asia. Last month, researchers at cybersecurity firm Sophos tracked another 2023 campaign where hackers spent nearly two years targeting an unspecified high-level government department in search of information about the country’s strategy concerning the hotly contested South China Sea.


Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
