June 24, 2024 at 03:18PM
A Chinese state-sponsored hacking group known as RedJuliett has intensified attacks on Taiwanese organizations, particularly in government, education, technology, and diplomacy sectors. They exploited a vulnerability in SoftEther VPN software to access servers. The group’s activities align with Chinese state-sponsored hacking patterns. Recorded Future expects continued targeting of Taiwanese agencies, universities, and technology firms.
Key takeaways:
– A suspected Chinese state-sponsored hacking group known as RedJuliett has intensified its targeting of Taiwanese organizations, particularly those in government, education, technology, and diplomacy sectors.
– The cyberattacks by RedJuliett were observed between November 2023 and April 2024, coinciding with Taiwan’s presidential elections and the subsequent change in administration.
– Recorded Future’s report revealed that RedJuliett attacked 24 organizations, including government agencies in Laos, Kenya, and Rwanda, as well as Taiwan, and also targeted websites of religious organizations in Hong Kong and South Korea, a U.S. university, and a Djiboutian university.
– The group accessed the servers of these organizations via a vulnerability in their SoftEther enterprise virtual private network (VPN) software, indicating the importance of prioritizing and patching vulnerabilities.
– The hacking patterns of RedJuliett match those of Chinese state-sponsored groups, and it is likely based out of Fuzhou, in China’s southern Fujian province.
– The Chinese Foreign Ministry dismissed the allegations of state-sponsored hacking, denying any involvement and accusing the reporting company of fabricating disinformation.
– Recorded Future suggested that Chinese state-sponsored groups will likely continue to target Taiwanese government agencies, universities, and critical technology companies via “public-facing” devices such as open-source VPN software.
In conclusion, the escalation of cyberattacks by RedJuliett targeting Taiwanese organizations poses a significant threat, and organizations are advised to prioritize and patch vulnerabilities to protect themselves from such attacks.