Suspected Chinese Hackers Hit Taiwanese Research Center

A Chinese flag flies at Tiananmen Square in Beijing, China, on Wednesday, July 10, 2024. The Third Plenum, set for July 15-18, is one of the most important political meetings of the Chinese Communist Party. It's expected to unveil a series of economic reforms and policies aimed at addressing long-standing issues that have impeded growth and recovery. (Na Bien/Bloomberg)

(Bloomberg) -- A hacking group believed to be linked to the Chinese government stole passwords and documents from a Taiwanese government-affiliated research center that specializes in computing, cybersecurity researchers at Cisco Systems Inc. said Thursday.

The attackers used a kind of malicious software tool that’s almost entirely used by China-based groups, after they gained access to the unnamed research center as early as July 2023, Cisco’s Talos threat intelligence group said in a report shared exclusively with Bloomberg News. Based on that and other techniques, Cisco believes with “moderate confidence” that the hackers are part of a state-sponsored espionage group called APT41, which US officials have linked to China’s Ministry of State Security.

The attack highlights the threat that suspected Chinese cyberattacks pose to Taiwan, the island that’s been the source of escalating tension between the US and China. China claims the island as part of its territory and has vowed to bring it under control. The government in Beijing has long denied any involvement in malicious hacking.

“We oppose any groundless smears and accusations against China. China does not encourage, support or condone attacks launched by hackers,” Liu Pengyu, a spokesperson for the Chinese embassy in Washington, said in an emailed statement. The US has “compiled and spread all kinds of disinformation about the threats posed by the so-called 'Chinese hackers,'” Liu said, adding that China opposes this and will “take necessary measures” to safeguard its rights and interests. 

Cyber espionage has become a powerful tool in China’s toolset as it pursues its geopolitical aims, cybersecurity experts say. Recently leaked documents indicate that China-sponsored hackers have compromised high-value geopolitical targets.

In the intrusion at the Taiwanese research center, the attackers deployed an outdated version of Microsoft Corp.’s Office product to facilitate the breach and help to hide their access, said Vitor Ventura, a Talos security researcher. The researchers haven’t determined how the group breached the research center, and they declined to say how much data was stolen during the attack, which lasted 11 days. They also declined to identify the research center by name.

Cybersecurity experts at Alphabet Inc.’s Google last year said they observed a “massive increase” in Chinese cyberattacks on Taiwan. Meanwhile, Taiwan called on experts from the US Treasury Department and American cybersecurity firms to help prepare for more aggressive cyberattacks from Beijing.

APT41, the group tied to the recent hack, is believed to be a Chengdu, China-based hacking group that was accused of compromising at least six US state governments and stealing tens of millions of dollars in US Covid-19 relief funds. A federal grand jury in 2020 indicted alleged hackers tied to the group and accused them of targeting more than 100 victims.

(Updates with comments from Chinese embassy in fourth paragraph.)

©2024 Bloomberg L.P.