Cyberattacks against Taiwan have significantly increased amid escalating tensions with China, reports The Hacker News.
Malicious emails targeting Taiwan rose fourfold from April 7 to April 10, with the networking, manufacturing, and logistics sectors most affected, while detections of the PlugX remote access trojan, which suggest phishing lures being used to deliver additional payloads, increased 15-fold from April 10 to April 13, a report from the Trellix Advanced Research Center revealed.
Many Chinese threat operations have previously leveraged the PlugX RAT to facilitate device takeovers. Taiwan has also been targeted with attacks involving the Kryptik trojan and the FormBook and Zmutzy information stealers, as well as social engineering attacks impersonating legitimate brands to enable credential exfiltration efforts.
"In the past few years, we noticed that geopolitical conflicts are one of the main drivers for cyber attacks on a variety of industries and institutions. Monitoring geopolitical events can help organizations to predict cyber attacks in countries they operate in," said Trellix Advanced Research Center Senior Vice President Joseph Tal.
As part of its latest attacks, discovered in June, Tropic Trooper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to deploy an updated China Chopper web shell on a server hosting the Umbraco open-source content management system.
More than 50 Alibaba-hosted command-and-control servers have been leveraged to distribute the backdoor, which masquerades as the Java, bash, sshd, SQLite, and edr-agent utilities.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group.