Chinese state-linked hackers target Taiwanese entities amid rising cross-strait tensions
Taiwan’s Foreign Ministry provided no comment, while China dismissed the allegations.
A suspected Chinese state-linked hacking group is increasingly targeting Taiwanese entities, particularly those within government, education, technology, and diplomacy sectors, as reported by cybersecurity intelligence firm Recorded Future. In recent times, the relationship between China and Taiwan has faced escalating tensions. The cyber assaults attributed to the group dubbed RedJuliett occurred between November 2023 and April 2024, coinciding with Taiwan’s presidential elections in January and the subsequent change in leadership.
While RedJuliett has previously targeted Taiwanese organisations, the recent wave of attacks marked a significant escalation in scope. The hacking attempts by RedJuliett targeted over 70 Taiwanese entities, including universities, an optoelectronics firm, and a facial recognition company with government contracts. While the success of these infiltration attempts remains unclear, Recorded Future only confirmed the observed efforts to identify network vulnerabilities.
Recorded Future revealed that RedJuliett exploited a vulnerability in the SoftEther enterprise virtual private network (VPN) software to breach the servers of these organisations. The open-source VPN facilitates remote connections to an organisation’s networks. The modus operandi of RedJuliett aligns with tactics commonly associated with Chinese state-sponsored groups, as per Recorded Future’s analysis. The geolocations of IP addresses suggest that RedJuliett likely operates from Fuzhou, a city in China’s Fujian province facing Taiwan’s coast.
The report speculated that Chinese intelligence services in Fuzhou are likely engaged in intelligence gathering against Taiwanese targets to support Beijing’s policymaking on cross-strait relations through RedJuliett’s activities. While Taiwan’s Ministry of Foreign Affairs refrained from immediate comments, a spokesperson from the Chinese Foreign Ministry dismissed the allegations, citing a lack of credibility in Recorded Future’s claims.
Why does it matter?
China’s increased military exercises around Taiwan and diplomatic pressures have exacerbated tensions, particularly following the election of Taiwan’s President Lai Ching-te, labeled a ‘separatist’ by China. Amidst escalating cyberespionage activities globally, Recorded Future anticipates continued targeting of Taiwanese government agencies, universities, and critical technology firms by Chinese state-sponsored groups. The firm recommends organisations prioritise patching vulnerabilities promptly to enhance their cybersecurity.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.