Advertisement
Subscribe to our daily newsletter.
Subscribe

Taiwan suggests China’s Winnti group is behind ransomware attack on state oil company

An attempt to extort CPC, which is responsible for delivering oil products throughout Taiwan, would be a brazen move.

By

CPC ransomware
A CPC gas station in Taiwan. The station's parent company was hit with ransomware. (Wikimedia Commons/Solomon 203)

Taiwanese authorities have suggested that Chinese hackers were behind a ransomware attack against Taiwan’s state oil company, an aggressive assault on one of the island nation’s strategic assets.

Data left behind in the attack, such as a configuration file and domain name, point to the involvement of a group known as Winnti, or something “closely related” to it, Taiwan’s Ministry of Justice said in a statement Friday. Winnti is a broad collection of hackers that cybersecurity researchers have linked with the Chinese government.

Cybersecurity analysts say Beijing’s hackers have long conducted operations against Taiwanese targets to gather intelligence. But an attempt to extort Taiwanese company CPC Corp., which is responsible for delivering oil products throughout Taiwan, would be a much more brazen move. Although the attack didn’t affect the CPC’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas.

CyberScoop could not independently confirm that Winnti was involved in the attack. The Chinese Embassy in Washington, D.C., did not immediately respond to a request for comment on the allegation.

Advertisement

The ransomware attack forced CPC to rebuild some of its infrastructure and is part of a spate of recent cyberthreats facing Taiwan.

Multiple “important domestic energy and technology companies” in Taiwan had been hobbled by ransomware in recent weeks, the Ministry of Justice said. It did not explicitly name CPC as a victim. Local media, however, reported the statement referred to CPC and other victims.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

Commander of the U.S. Cyber Command Army Gen. Paul Nakasone, Jen Easterly, Director of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, and FBI Director Christopher Wray testify before the House (Select) Strategic Competition Between the United States and the Chinese Communist Party Committee on Capitol Hill on January 31, 2024 in Washington, DC. The Committee heard from intelligence officials on China’s Cyber threat to the United States. (Photo by Kevin Dietsch/Getty Images)

FBI director warns of China’s preparations for disruptive infrastructure attacks

By Derek B. Johnson

Latest Podcasts

Special CyberTalks Edition with National Cyber Director Harry Coker

Image of a microphone for a podcast series

Tackling AI-powered threats with zero trust and least privilege access

Securing the Skies: Aerospace Cybersecurity with David Brumley

Verizon’s Lamont Copeland on defending against the expanding attack surface

Government

Technology

Threats

Geopolitics