Chinese hackers increase attacks on Taiwan opposition before January’s presidential election: US security firm
Phishing e-mails sent in attempt to get information about policies and speeches, says FireEye, which has identified a Chinese state-backed group called APT16 as carrying out attacks
PUBLISHED : Monday, 21 December, 2015, 11:08am
UPDATED : Monday, 21 December, 2015, 6:11pm
Bloomberg
China, which considers Taiwan to be one of its provinces, is wary of the Democratic Progressive Party ’s views on Taiwan independence. Photo: Reuters
Chinese hackers have attacked Taiwanese targets including local news organisations and the opposition Democratic Progressive Party in a bid to get information about policies and speeches ahead of presidential and legislative elections next month.
An attack on the unnamed media outlets came in the form of phishing e-mails with the subject line “DPP’s Contact Information Update”, according to research by American security company FireEye, which identified a Chinese state-backed group called APT16 as carrying out attacks.
Hackers also infiltrated e-mails of party staff, changing security protocols and writing messages spoofing the account holders in what may have been an attempt to deliver malicious code, according to one of the victims.
Taiwan goes to the polls January 16 and opinion surveys show the DPP is likely to win a legislative majority, with its leader Tsai Ing-wen securing the presidency after eight years of nationalist Kuomintang rule.
China, which considers Taiwan to be one of its provinces, is wary of the DPP’s views on Taiwan independence and advocacy of more caution in its relationship with the mainland.
As well as not wanting the DPP in power, China might want to understand the party better so as to undermine them with access to non-public information, Jordan Berry, FireEye’s principal threat intelligence analyst said. “There’s a lot of people in China who want and need information for their own intelligence purposes.“
Read more: China accused of hacking into Australian government’s weather bureau
China’s Ministry of Foreign Affairs did not reply to a faxed request for comment.
FireEye provides malware- and network-threat protection systems. After its Mandiant division alleged in February 2013 that China’s military might be behind a group that hacked at least 141 companies worldwide since 2006, the US issued indictments against five military officials who were purported to be members of that group.
Another target in Taiwan appears to be William Stanton, a former US diplomat to Taiwan, who said he had received multiple warnings from Google that his Gmail account might be targeted by government hackers.
“If you were directed to this page from a warning displayed above your Gmail inbox, we believe that state-sponsored attackers may be attempting to compromise your account or computer,” the warning read without identifying the country.
“It’s likely that you received emails containing malicious attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information.”
Stanton, who was director of the American Institute in Taiwan from 2009 to 2012 in a position akin to ambassador, told Bloomberg he believed he was being targeted because of his former role as well as his current position as dDirector of Taiwan’s National Tsing Hua University Centre for Asia Policy.
While the DPP had been under attack for months, the frequency had picked up in the past few weeks, said Ketty Chen, deputy director of international affairs at the DPP, whose own account was compromised.
Chen was among as many as 50 DPP staff targeted by hackers and was alerted when she noticed inconsistencies in the writing style of a colleague in internal correspondence.
“There were fake e-mails that looked like they came from her,” Chen said. “When I read it, the style was not how she would talk so I called to ask if she really sent it, and she hadn’t.”
Chen received e-mails purporting to come from Tsai’s speechwriter and another from a member of the DPP’s cross-strait policy team. In each case the e-mail asked the recipient to open an attachment purporting to be a draft document. Hackers typically send e-mails to targets hoping they will open attachments loaded with malware that infiltrate their computers, providing links to those of colleagues’ computers and contacts.
With concerns over security of their work accounts, some DPP staff switched to Gmail, Chen said. Chen’s Gmail account was compromised when hackers turned off the two-step identification verification process by deleting her mobile number, and adding a forwarding address so that all incoming e-mails went to an external Gmail account.
The allegations come weeks after China’s state-run Xinhua news agency reported that an investigation into an alleged theft of data from the US Office of Personnel Management had shown the attack was carried out by criminals, rather than being state-sponsored as previously suspected by the US government.
Cyberspace must not become a “battlefield” between states, President Xi Jinping said at the World Internet Conference conference last Wednesday in Wuzhen, and he called for greater cooperation on punishing cyberattacks and fighting terrorism.
