Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

September 23, 2024 at 02:18AM A suspected APT from China targeted a Taiwanese government organization and other APAC countries by exploiting a security flaw. The activity uses various techniques and malware like Cobalt Strike and EAGLEDOOR to infiltrate and gather data from government and energy sectors. The threat actor’s sophistication and adaptability are notable. Key …

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

September 9, 2024 at 02:15AM In 2024, a previously unknown threat actor, named TIDRONE, targeted drone manufacturers in Taiwan in a cyber attack campaign. Trend Micro suspects Chinese-speaking groups’ involvement and notes espionage-driven activity. The attack involves custom malware like CXCLNT and CLNTEND, exploiting an ERP software commonality, and using backdoors via Microsoft Word to …

‘TIDrone’ Cyberattackers Target Taiwan’s Drone Manufacturers

September 8, 2024 at 09:02PM Researchers have identified a threat actor named “TIDrone” targeting military and satellite supply chains, specifically drone manufacturers in Taiwan. Trend Micro has linked TIDrone to Chinese-speaking groups, using ERP software and remote desktop tools to deploy advanced malware. The actor utilizes specialized toolsets including “CXCLNT” and “CLNTEND” to compromise targets …

Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations, Cybersecurity Firm Says

June 24, 2024 at 03:18PM A Chinese state-sponsored hacking group known as RedJuliett has intensified attacks on Taiwanese organizations, particularly in government, education, technology, and diplomacy sectors. They exploited a vulnerability in SoftEther VPN software to access servers. The group’s activities align with Chinese state-sponsored hacking patterns. Recorded Future expects continued targeting of Taiwanese agencies, …

Cooler Master hit by data breach exposing customer information

May 29, 2024 at 05:12PM Cooler Master, a Taiwan-based computer hardware manufacturer, experienced a data breach when a threat actor claimed to have stolen 103 GB of data, including personal information of 500,000 Fanzone members. The breach involved corporate, vendor, sales, warranty, inventory, and HR data. Cooler Master’s customer support tickets and RMA requests were …

Australia declares ‘nationally significant cyber incident’ after port attack

November 12, 2023 at 07:50PM Australia’s National Cyber Security Coordinator has labeled an attack on DP World, a logistics company, as a “nationally significant cyber incident.” The attack caused DP World’s technology infrastructure at four Australian ports to go offline, resulting in the closure of the facilities. DP World handles 40 percent of the containers …

New ‘Grayling’ APT Targeting Organizations in Taiwan, US

October 10, 2023 at 09:54AM A new advanced persistent threat (APT) group called Grayling has been targeting Taiwanese organizations, as well as a government entity in the Asia-Pacific region and organizations in the US and Vietnam. The group likely operates from a region with a strategic interest in Taiwan, implying a possible link to China. …

Researchers Uncover Grayling APT’s Ongoing Attack Campaign Across Industries

October 10, 2023 at 07:00AM A previously unknown threat actor named Grayling has been identified as the culprit behind a series of cyberattacks on organizations in Taiwan, including manufacturing, IT, and biomedical sectors. Symantec’s Threat Hunter Team discovered the attacks, which began in February and utilized a distinct DLL side-loading technique to deploy payloads. The …