Chinese Hackers Target Taiwanese Telecom Firms
US network security consulting firm Recorded Future published a report on Thursday stating that a group suspected of being funded by the Chinese government is targeting telecommunications organizations in Taiwan, Nepal, and the Philippines.
The threat group, which researchers track as Threat Activity Group 22 (TAG-22), is targeting telecommunications, academic, research and development, and government organizations in the three countries. Some of the activity appears to be ongoing, researchers said.
The latest attacks play into a larger backdrop of apparent Chinese hackers snooping on global competition in the telecommunications space, which has become an arena of political and economic conflict between China and the United States.
“In particular, the targeting of the ITRI is notable due to its role as a technology research and development institution that has set up and incubated multiple Taiwanese technology firms,” researchers wrote. “The organization is focused on technology and sustainability projects that align with Chinese development interests. In recent years, Chinese groups have targeted multiple organizations across Taiwan’s semiconductor industry to obtain source code, software development kits, and chip designs.”
Last year, cybersecurity company CyCraft claimed that there was a two-year-long, large-scale hacking operation focusing on Taiwan’s semiconductor industry, and that this wave of operations was likely initiated by Chinese hackers. CrowdStrike, a US computer security technology company, also mentioned in a report last year that telecommunications was one of the areas most frequently targeted by Chinese hackers in the first half of 2020.
The researchers believe TAG-22 is using backdoors used by other Chinese state-sponsored groups, including Winnti Group and ShadowPad, for initial access. It also employs open-source security tools like Cobalt Strike. Outside of the telecommunications industry, the threat group has targeted academia, research and development, and government organizations in Nepal, the Philippines, Taiwan, and Hong Kong.
While researchers primarily identified the group as operating in Asia, its scope of targets is generally broader, they said. That, according to the researchers, puts it in line with other major Chinese hacking groups, including APT17 and APT41.