PRC hackers increase aim at Taiwan targets, report says

A suspected People’s Republic of China (PRC)-sponsored hacking group has stepped up its targeting of organizations in Taiwan, particularly those in government, education, technology and diplomacy, according to cybersecurity intelligence company Recorded Future.

In recent years, relations have deteriorated between the PRC and Taiwan, a self-governed island across the Taiwan Strait that Beijing claims as its territory and threatens to annex. The cyberattacks by the group known as RedJuliett were observed between November 2023 and April 2024, during the lead-up to Taiwan’s presidential elections in January and the subsequent change in administration.

RedJuliett has targeted Taiwanese organizations previously, but not at such a scale, a Recorded Future analyst said.

The report said RedJuliett attacked 24 organizations, including government agencies in places like Laos, Kenya and Rwanda, as well as Taiwan.

It also hacked into websites of religious organizations in Hong Kong and South Korea, a United States university and a Djiboutian university.

Recorded Future said RedJuliett accessed the servers via a vulnerability in their SoftEther enterprise virtual private network (VPN) software, an open-source VPN that allows remote connections to an organization’s networks.

The U.S., with its Allies and Partners, has countered PRC-linked hackers with joint advisories, guidance to help organizations hunt for and detect malign actors, economic sanctions, hacker network disruption, and international defensive cyber operations at the request of partner nations.

RedJuliett has been observed attempting to break into systems of more than 70 Taiwan organizations, including three universities, an optoelectronics company and a facial recognition company that has contracts with the government.

It was unclear if RedJuliett managed to break into those organizations. RedJuliett’s hacking patterns match those of Chinese Communist Party (CCP)-sponsored groups, according to Recorded Future.

It said that, based on the geolocations of IP addresses, RedJuliett is likely based out of the city of Fuzhou, in China’s southern Fujian province, whose coast faces Taiwan.

“Given the close geographical proximity between Fuzhou and Taiwan, Chinese intelligence services operating in Fuzhou are likely tasked with intelligence collection against Taiwanese targets,” the report said.

“RedJuliett is likely targeting Taiwan to collect intelligence and support Beijing’s policy-making on cross-strait relations,” the Recorded Future report said.

Microsoft reported in August 2023 that RedJuliett, which Microsoft tracks under the name Flax Typhoon, was targeting Taiwan organizations.

Earlier this year, the U.S. and Britain accused China of a sweeping cyberespionage campaign that allegedly hit millions of people.

According to Recorded Future, CCP-sponsored groups will likely keep targeting Taiwan agencies, universities and critical technology companies via “public-facing” devices such as open-source VPN software, which provide limited visibility and logging capabilities.