The Taiwanese government on Wednesday accused Chinese government-linked hackers of targeting 10 Taiwanese government agencies and 6,000 email accounts of officials in an escalation of Beijing’s long-running espionage on the island.
Over the course of two years, Chinese hackers have infiltrated a variety of Taiwanese government offices in an effort to steal sensitive documents, Liu Chia-zung, an official in the Taiwan Investigation Bureau’s Cyber Security Investigation Office, said at a press conference.
Liu conceded that with the breach of key IT infrastructure, at least some data may have been exposed.
It is only the latest in a wave of suspected Chinese hacking campaigns to hit Taiwan, which China considers its territory. The Taiwanese semiconductor industry, a centerpiece of the global supply chain for smartphones, has also come under sustained assault from hackers that appear to be based in China, private researchers said earlier this month. And in May, Taiwan suggested that a broad set of suspected Chinese hackers known as Winnti was behind a ransomware attack on Taiwan’s state oil company.
The Chinese Embassy in Washington, D.C., did not respond to a request for comment on the new allegations. Beijing has previously denied conducting such cyberattacks.
The accusations come amid tensions in the region over a new national security law that the Chinese government is using to assert control in Hong Kong. Taiwanese officials said this week that they would closely monitor Chinese citizens who leave Hong Kong for Taiwan to prevent espionage.
In the latest activity detailed Wednesday, the hackers exploited virtual private network (VPN) software to break into networks, and then smuggled the stolen data out using their own encrypted connections, according to the Taiwan Investigation Bureau. One of the pieces of code alleged used in the attacks is known as Taidoor, which the U.S. government earlier this month said Chinese hackers had been using for at least 12 years.
“Chinese actors have been targeting system integrators and information service providers for a long time,” said TT Tsai, chief executive of TeamT5, a Taiwan-based cybersecurity company. While Taiwanese government agencies have improved their own defenses, the IT service providers they rely on are a weak spot, Tsai said.
Among the Chinese hackers that Taiwanese officials reportedly blamed for the activity was APT40, which security firm FireEye says has been active in multiple Southeast Asian countries in support of China’s “Belt and Road” infrastructure development strategy.
“Taiwan has been a principal target of Chinese cyber espionage,” said Ben Read, senior manager of analysis at Mandiant, FireEye’s incident response arm. “While we haven’t examined this specific activity, the groups identified by the Taiwanese government are known for heavily targeting the island. The tactics discussed, including exploiting vulnerable internet facing devices and spear phishes, are ones that Chinese groups use against targets around the globe.”
The U.S. government, which sells arms to Taiwan, has tried to bolster the island’s cybersecurity defenses. Last November, the American Institute in Taiwan, the de-facto U.S. embassy on the island, sponsored a drill that simulated attacks on Taiwanese public and private organizations.