According to Recorded Future, a suspected Chinese state-sponsored hacking group has increased targeting of Taiwanese organizations in government, technology, diplomatic, and education sectors.

Cyberattacks conducted by the group RedJulliett between November 2023 and April 2024 are a stark example of the heightened tensions between China and Taiwan. These cyberattacks occurred in the midst of Taiwan’s Presidential election, and subsequent administration change. According to a report by Recorded Future, RedJulliett has already attacked at least 24 organizations spanning across Laos, Kenyan, Rwandan, and Taiwanese government agencies. However, this is the first time RedJulliett’s activity has been recorded on this level. RedJulliett’s methodology included exploiting a vulnerability present in an organization’s SoftEther enterprise virtual private network (VPN) software. So far, RedJulliett has attempted to break into the internal networks of over 70 Taiwanese organizations. It is estimated that due to the locations associated with the IP addresses, it is estimated that RedJulliett is operating out of Fuzhou, a city in China’s Fujian province that faces Taiwan. The report produced by Recorded Future offered up this conclusion “Given the close geographical proximity between Fuzhou and Taiwan, Chinese intelligence services operating in Fouzhou are likely tasted with intelligence collection against Taiwanese targets”.

Read more:

https://www.securityweek.com/chinese-hackers-have-stepped-up-attacks-on-taiwanese-organizations-cybersecurity-firm-says/