RedJuliett [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13], a suspected Chinese state-sponsored hacking group [1] [5] [8] [10], also known as Flax Typhoon and Ethereal Panda [7] [12], intensified its cyber espionage campaigns targeting Taiwanese organizations from November 2023 to April 2024.
Description
RedJuliett exploited vulnerabilities in SoftEther VPN software to gain access to servers and compromised 24 organizations, including government agencies in Taiwan [3] [5] [9] [11], Laos [1] [3] [5] [9] [11], Kenya [1] [3] [5] [9] [11], and Rwanda [3] [9], as well as religious organizations in Hong Kong and South Korea [5] [11], and universities in the US and Djibouti [5] [11]. The group’s activities were aimed at supporting Beijing’s intelligence collection efforts on Taiwan’s economic and diplomatic relations [6] [7] [9] [12] and critical technology development [1] [9] [10]. RedJuliett targeted over 70 academic, government [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13], think tank [3] [9], and technology organizations in Taiwan [3] [6] [7] [9] [12], as well as multiple de facto embassies operating on the island [3]. The group used various exploitation techniques [9], including creating a SoftEther VPN bridge or client in victim networks and utilizing Acunetix Web Application Security Scanners for reconnaissance and exploitation [9]. RedJuliett focused on critical technology companies in Taiwan to gather intelligence on economic policy, trade [2] [7] [9] [12] [13], and diplomatic relations [6] [7] [9] [12].
Conclusion
RedJuliett’s cyber-espionage attacks on Taiwanese organizations pose significant cybersecurity threats, particularly to the tech industry, which includes major chip manufacturers like TSMC [2]. Organizations must prioritize and patch vulnerabilities to protect against such threats. Chinese state-sponsored groups are expected to continue targeting Taiwanese government agencies [1] [10], universities [1] [4] [5] [10] [11], and critical technology companies through public-facing devices like open-source VPN software [1] [10], highlighting the importance of defense-in-depth strategies for organizations to counter these threats [9].
References
[1] https://www.theweek.in/wire-updates/international/2024/06/24/fgn32-china-taiwan-ld-hackers.html
[2] https://me.pcmag.com/en/security/24309/china-backed-redjuliett-hackers-target-taiwan-via-vpn-firewall-exploits
[3] https://www.infosecurity-magazine.com/news/china-redjuliett-targets-taiwan/
[4] https://www.aljazeera.com/economy/2024/6/24/china-backed-hackers-stepping-up-attacks-on-taiwan-cybersecurity-firm-says
[5] https://apnews.com/article/china-taiwan-hackers-cybersecurity-breach-b8fdd95b2e0f36e368662925368caa58
[6] https://cyber.vumetric.com/security-news/2024/06/24/redjuliett-cyber-espionage-campaign-hits-75-taiwanese-organizations/
[7] https://thehackernews.com/2024/06/redjuliett-cyber-espionage-campaign.html
[8] https://hosted.ap.org/dailycourier/article/b8fdd95b2e0f36e368662925368caa58/chinese-hackers-have-stepped-attacks-taiwanese
[9] https://www.recordedfuture.com/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter
[10] https://www.aol.com/news/chinese-hackers-stepped-attacks-taiwanese-040326169.html
[11] https://www.washingtonpost.com/business/2024/06/24/china-taiwan-hackers-cybersecurity-breach/cd4d2b90-31de-11ef-872a-1d22f44a0d95_story.html
[12] https://www.redpacketsecurity.com/redjuliett-cyber-espionage-campaign-hits-75-taiwanese-organizations/
[13] https://uk.pcmag.com/security/152952/china-backed-redjuliett-hackers-target-taiwan-via-vpn-firewall-exploits