News Roundup: September 1-15, 2024
Bite-sized news and updates on the latest in Taiwan cybersecurity
Unauthorized VPN Access for Sale Targeting Taiwanese Bank
September 7, 2024
A threat actor is reportedly offering unauthorized VPN access to a major Taiwanese bank headquartered in Taipei, raising significant cybersecurity concerns. The bank, with a revenue of around $17 billion, is being targeted through an F5 BIG-IP VPN, a critical component of its network security infrastructure. The price for this illicit access is negotiable, and the offer signals a potential breach that could have severe implications for the bank's sensitive data and operations. This incident underscores the escalating cybersecurity risks faced by prominent financial institutions in Taiwan.
China-Linked Cyber Espionage Targets Taiwan's Military Industry
September 9, 2024
Security researchers have identified a threat cluster, named TIDRONE, targeting companies within Taiwan's military supply chain, particularly focusing on drone manufacturers. TIDRONE, linked to Chinese-speaking groups, has been deploying malware through enterprise resource planning (ERP) and remote desktop software, suggesting a potential supply chain attack. The malware, dubbed CXCLNT and CLNTEND, allows the group to collect sensitive system information, upload and download files, and perform remote access operations. While the group has previously targeted other countries, its activities in Taiwan shifted towards the military sector between April and July, and more recently, the satellite industry. Analysis points to espionage motives, given the sensitive nature of the data held by the targeted industries.
TeamT5 Collaboration to Bolster Cybersecurity in Asia-Pacific
September 10, 2024
TeamT5 Inc. has announced a partnership with CEL LTD, Inc., a prominent white hat hacker company in Japan, to enhance cybersecurity support within the Japanese market. By leveraging threat intelligence from across the Asian region, this collaboration aims to strengthen cybersecurity measures in both Japan and the broader Asia-Pacific region. The partnership is set to expand its range of services by harnessing the strengths and expertise of both companies, contributing to improved regional cybersecurity defenses.
Coordinated DDoS Attacks Target Taiwanese Government Websites
September 12, 2024
Two hacker groups, RipperSec and NoName057(16), have claimed responsibility for a series of DDoS attacks on Taiwanese government websites. RipperSec issued a warning to Taiwan regarding its stance toward China and relationship with Israel, threatening to escalate attacks to critical infrastructure like banks if Taiwan does not respond peacefully. NoName057(16) also continues its campaign against Taiwan’s online infrastructure, targeting multiple tax administration websites across various counties. Meanwhile, the Executive Yuan condemned suspected pro-Russia cyberattacks that affected the Taiwan Stock Exchange (TWSE) and several local financial institutions. Despite these attacks, Taiwan has implemented strong countermeasures, increasing the cost of successful DDoS attacks and utilizing techniques like "flow cleaning" to prevent disruptions. The Ministry of Digital Affairs continues to monitor the situation, ensuring national cybersecurity remains intact.
NoName057(16) DDoS Attack in Focus: Targeting Taiwan’s Stock Exchange Website
September 12, 2024
On September 12, 2024, the Taiwan Stock Exchange (TWSE) experienced a brief outage due to a distributed denial-of-service (DDoS) attack reportedly carried out by the pro-Russian hacker group NoName057(16). The attack, which caused delays on the TWSE website, occurred around 3 p.m. local time after the market had closed, with normal trading hours ending at 1:30 p.m. The hacker group claimed these attacks were retaliation for comments made by President William Lai, suggesting that China should reclaim land ceded to Russia in the Treaty of Aigun. Despite the attack causing temporary disruption, the TWSE confirmed that its core trading systems were unaffected, and operations soon returned to normal.
Exploring Cloud-to-On-Premises Security Risks at HITCON Enterprise 2024
September 15, 2024
At HITCON Enterprise 2024, Echo Lee, a cybersecurity researcher at CyCraft Technology, will shed light on hidden security risks within hybrid cloud services in a session called "Skyfall - Lateral Movement from Azure to On-Premises Environment." While hybrid cloud architecture offers benefits to enterprises by merging cloud and on-premises environments, the blurred trust boundaries between these systems often provide a gateway for attackers. Unlike the more commonly studied attacks from on-premises to the cloud, Lee will focus on the lesser-explored vulnerabilities stemming from cloud-to-on-premises pathways. The presentation will examine how Azure services, such as Azure LAPS, Microsoft Intune, and Cloud Kerberos Trust, can be leveraged for cyberattacks. Attendees will learn about detection and mitigation methods to bolster their hybrid cloud security and protect critical assets.
CyberSec Taiwan