Chinese Cyberespionage Group Hammers Taiwan’s Financial Sector with Months-Long Attack
Taiwanese Financial Institutions Under Siege
A sophisticated hacking group believed to be affiliated with the Chinese government has carried out a prolonged attack on Taiwan’s financial sector, exploiting a vulnerability in security software used by nearly 80% of local financial organizations.
Attack Details
- The attacks began in late November 2021 and continued through this month.
- The campaign, code-named “Operation Cache Panda,” is attributed to APT10, a well-known Chinese cyber-espionage group.
- The attackers disguised the intrusions as credential-stuffing attempts, using that cover to gain access to trading accounts and execute large transactions on the Hong Kong stock market.
True Objective of the Attack
- Researchers revealed, however, that these attacks were merely a ruse; the true objective was to exploit a vulnerability in a security tool’s web interface.
- By planting a version of the ASPXCSharp web shell and using tools such as Impacket and Quasar RAT, the attackers gained persistent remote access to compromised systems through reverse RDP tunnels.
Stolen Data
- The stolen data includes:
  - Brokerage information
  - Personally identifiable information (PII)
  - Sensitive business intelligence
Expert Warning
“This prolonged attack campaign highlights the ongoing threat posed by Chinese cyberespionage groups to Taiwan’s financial sector,” said a CyCraft spokesperson. “The objective of these attacks appears not to be financial gain but rather the exfiltration of sensitive information and disruption of investment during a period of economic growth for Taiwan.”
History of Chinese Cyberattacks on Taiwan
This latest development is not surprising, given Taiwan’s history with Chinese cyberattacks. The country has been repeatedly targeted by APT10 and other state-sponsored groups in recent years.
Conclusion
As investigations into these attacks continue, experts warn that financial institutions must prioritize cybersecurity measures to prevent similar breaches.