Taiwan government-backed research organization targeted by APT41 hackers


A Taiwanese government-affiliated research institute working on sensitive technologies was breached by one of China’s most infamous hacking operations, researchers said Thursday.

The organization, which was not named, was attacked in a campaign that started as early as July 2023, according to a new report from Cisco Talos. The researchers said the victim “specializes in computing and associated technologies.”

“The nature of research and development work carried out by the entity makes it a valuable target for threat actors dedicated to obtaining proprietary and sensitive technologies of interest to them,” the researchers said. Taiwan is a global leader in areas such as semiconductors.

Cisco Talos attributed the campaign to APT41 — a China-based group indicted by the Justice Department in 2020 for using ransomware and other tools to attack more than 100 companies and governments around the globe.

Five Chengdu-based members of the group — Zhang Haoran, Tan Dailin, Jiang Lizhi, Qian Chuan and Fu Qiang — are wanted by the FBI and would face decades in prison for dozens of intrusions, including several software supply chain attacks.

Cisco Talos said it was able to tie the attack on the Taiwanese government-affiliated research institute to APT41 based on specific kinds of malware, tactics and open-source tools used. The hackers deployed the ShadowPad malware — a hallmark of China-based hackers — and several additional tools were written in Simplified Chinese.

The researchers were not able to determine how the group first gained access to the victim’s network but said the hackers compromised at least three devices and were “able to exfiltrate some documents from the network.”

The hackers used backdoors and compression tools to exfiltrate a large number of files.

The members of APT41 have been implicated in both criminal and nation-state attacks. APT41 is well-known for targeting government organizations for intelligence gathering and private enterprises for financial gain.

APT41 has also been implicated in several cyber incidents involving Southeast Asia. Last month, researchers at cybersecurity firm Sophos tracked another 2023 campaign where hackers spent nearly two years targeting an unspecified high-level government department in search of information about the country’s strategy concerning the hotly contested South China Sea.


Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
