Date: 2024-06-24

(CTN News) – A suspected Chinese state-sponsored hacking gang, RedJuliett, has increased its targeting of Taiwanese organizations, notably those in government, education, technology, and diplomacy, according to cybersecurity intelligence firm Recorded Future.

In recent years, ties between China and Taiwan, a self-governing island across the Taiwan Strait that Beijing claims as its territory, have worsened. The cyberattacks by RedJuliett occurred between November 2023 and April 2024, before Taiwan’s presidential elections in January and the following change in government.

RedJuliett has previously targeted Taiwanese businesses, but this is the first time such activity has been spotted on such a large scale, according to a Recorded Future analyst who spoke on condition of anonymity due to safety concerns.

RedJuliett targeted 24 groups, including the government.

According to the research, RedJuliett targeted 24 groups, including government entities in Laos, Kenya, Rwanda, and Taiwan. It also attacked religious groups’ websites in Hong Kong and South Korea, a university in the United States and one in Djibouti. The study does not name the organizations.

According to Recorded Future, RedJuliett gained access to those locations’ servers using a weakness in their SoftEther corporate virtual private network (VPN) software, which is an open-source VPN that permits remote connections to an organization’s network.

RedJuliett has been seen trying to get into the systems of over 70 Taiwanese businesses, including three colleges, an optoelectronics firm, and a face recognition company with government contracts.

It was uncertain if RedJuliett could break into such organizations. Recorded Future merely said that it saw efforts to detect weaknesses in their networks. According to Recorded Future, RedJuliett’s hacking tendencies are similar to those of Chinese state-sponsored organizations.

Based on IP address geolocation, RedJuliett is most likely headquartered in Fuzhou, in China’s southern Fujian province, whose shoreline borders Taiwan.

Given the geographical closeness between Fuzhou and Taiwan, Chinese intelligence agencies based in Fuzhou are most likely tasked with gathering information on Taiwanese targets, according to the research.

According to the Recorded Future assessment, RedJuliett is most likely targeting Taiwan to gather information and support Beijing’s policymaking on cross-strait relations.

Both China’s and Taiwan’s foreign ministries refrained from commenting right away. Microsoft said in August last year that Taiwanese organizations were the target of RedJuliett, which Microsoft monitors under the moniker Flax Typhoon.

China has increased military exercises near Taiwan in recent years and put diplomatic and economic pressure on the island. Ties between Beijing and Taipei deteriorated further following the January election of Taiwan’s new president, Lai Ching-te, whom China has labeled a separatist, and his declaration during his inaugural address that Taiwan and China were not subservient to one another.

Like his predecessor, Tsai Ing-wen, Lai said Taiwan is already an independent sovereign state and does not need a declaration of independence. Like many other nations, including the US, China has a history of cyberespionage. The US and Britain accused China earlier this year of conducting a massive cyberespionage operation that affected millions of individuals.

Beijing has always insisted that it is not involved in state-sponsored hacking and that it is itself often the subject of cyberattacks. Recorded Future predicts that Chinese state-sponsored organizations will probably continue using public-facing tools like open-source VPN software, which provides restricted visibility and tracking capabilities, to target Taiwanese government agencies, academic institutions, and important technological enterprises.

According to Recorded Future’s threat intelligence analyst, businesses and organizations may best defend themselves by prioritizing and fixing vulnerabilities as soon as they are discovered.

