News Roundup: August 16-30, 2024
Bite-sized news and updates on the latest in Taiwan cybersecurity
Zyxel Networks Hit by Helldown Ransomware: 253GB Data Leaked
August 17, 2024
Zyxel Networks, a Taiwanese leader in networking and cybersecurity solutions based in Hsinchu City, has been hit by the notorious Helldown ransomware group. The attack, first reported on August 17, 2024, resulted in the leak of 253GB of sensitive data. This breach underscores the growing sophistication of ransomware operations, as Helldown has gained prominence for exploiting vulnerabilities across industries. Zyxel, known for its innovation in AI-powered cloud networking, now faces a significant cybersecurity challenge that threatens its reputation and customer trust. Zyxel continues to release security updates, including ones addressing vulnerabilities such as the critical OS command injection flaw CVE-2024-7261, and this incident highlights the importance of robust defenses even for well-established companies.
Read more about data breaches impacting Taiwan’s technology industry in Data Breach at Chunghwa Telecom.
New Backdoor Targets Taiwanese University with DNS-Based Communication
August 20, 2024
A previously unidentified backdoor, known as Backdoor.Msupedge, has been detected in a cyberattack on a Taiwanese university, using DNS traffic to communicate with its command-and-control server. This stealthy technique, rarely seen in cyberattacks, allows Msupedge to receive commands such as creating processes, downloading files, and putting the system to sleep. The initial entry point is believed to be the exploitation of a recent PHP vulnerability (CVE-2024-4577), highlighting the need for heightened security measures in the face of evolving threats to Taiwan's academic institutions.
Nikki Haley Emphasizes Cybersecurity Threats Facing Taiwan in Global Call for Support
August 21, 2024
Speaking on Face the Nation, former U.S. Ambassador Nikki Haley underscored the alarming scale of cybersecurity threats Taiwan faces, revealing that the island endures 30 million cyberattacks every month. She also highlighted China's military intimidation tactics by air and sea. In a separate appearance at the annual Ketagalan Forum in Taipei, Haley called for stronger international backing for Taiwan and urged a coordinated global pushback against China’s claims. She emphasized that Taiwan deserves a seat on the world stage, advocating for its inclusion in the U.N., despite Beijing's efforts to isolate the self-ruled democracy.
Alleged Data Breach Targets Taiwan's PTT Forum
August 21, 2024
A threat actor has claimed responsibility for leaking a database from PTT, one of Taiwan's most prominent online forums with 68 million monthly visits. The alleged breach involves over 35,000 records, including sensitive information such as user IDs, post titles, tags, authors, content, dates, URLs, and user core beliefs. As PTT is a highly influential bulletin board system, the potential exposure of this data raises significant concerns regarding user privacy and the security of Taiwan's digital spaces.
Taiwan Convicts Eight in Major Espionage Case Tied to China
August 22, 2024
Eight current and retired Taiwanese military officers have been convicted in a significant espionage case involving attempts to build a spy network for China. Sentences range from 18 months to 13 years for passing sensitive military information, with some officers accepting bribes from Chinese intelligence agents. The group, which included officers from key military units, was found to have conspired in actions such as leaking classified troop movements and, most notably, plotting to defect with a Chinook helicopter to a Chinese aircraft carrier. This case underscores the persistent efforts of Chinese intelligence to infiltrate Taiwan's military and gather crucial defense information. Taiwan's Ministry of National Defense has called for enhanced national security measures to prevent further breaches.
Read more about China espionage concerns in Taiwan’s TikTok Security Debate.
Taiwan Hosts Key Discussion on Internet Governance and Cybersecurity Challenges in Asia Pacific
August 23, 2024
The Taiwan Network Information Center, in collaboration with the Asia Pacific Regional Internet Governance Forum, hosted a panel in Taipei on August 23, 2024, focusing on emerging challenges in internet governance and cybersecurity across the Asia Pacific region. The discussion highlighted concerns over growing state control over internet infrastructure, with countries such as Vietnam, Cambodia, and Nepal adopting restrictive laws that impose censorship and surveillance, undermining free expression. Panelists emphasized Taiwan's role as a model for rights-based governance and stressed the need for frameworks that promote an open, secure, and interoperable internet while resisting opaque partnerships and excessive state interference. The event underscored Taiwan's commitment to advancing international human rights standards in shaping digital policies and cybersecurity laws, ensuring a free and inclusive digital space.
REPORT: Taiwan Cybersecurity Monthly Report, July 2024
August 27, 2024
In its July 2024 Cybersecurity Monthly Report, Taiwan's Administration for Cyber Security, under the Ministry of Digital Affairs (MODA), revealed an increase in cyber threats targeting government agencies, with 76,572 pieces of joint defense intelligence collected. The leading threats included information collection (43%), intrusion attacks (22%), and hacking attempts (19%). A notable incident involved hackers using social engineering emails, disguised as "Salary Assessment Notifications," exploiting a redirect vulnerability to steal sensitive information. The report also highlighted a significant rise in cybersecurity incident reports, especially in relation to military exercises, pointing to vulnerabilities in access control and encryption mechanisms.
Additionally, on August 16, 2024, MODA made all previous monthly cybersecurity reports dating back to July 2023 publicly available, further emphasizing its commitment to transparency and bolstering defense efforts.
RansomHub Targets Taiwanese Publisher in Latest Ransomware Attack
August 28, 2024
Quanhua Book Company, a prominent Taiwanese publishing house, has fallen victim to a ransomware attack by RansomHub, with 400GB of data held for ransom since August 28, 2024. This incident highlights RansomHub’s growing dominance as a leading Ransomware-as-a-Service (RaaS) operator, following its rebranding from Knight ransomware. With over 210 global victims, RansomHub continues to target systems across various platforms, including VMware ESXi environments. The rise of Meow ransomware, which focuses on selling stolen data rather than encryption, underscores the evolving tactics of ransomware groups, pushing organizations in Taiwan and beyond to adopt stronger cybersecurity measures to guard against these increasingly sophisticated threats.
CyberSec Taiwan