
Chinese Hackers Target Taiwan’s Satellite and Military Industries

Taipei, Taiwan – September 9, 2024 – Trend Micro, a leading cybersecurity firm, has issued a warning about a Chinese hacking group, TIDrone, which has been actively targeting Taiwan’s satellite and military industries since the beginning of the year. The hackers appear to have a particular interest in attacking drone manufacturers.

The revelation comes amid heightened tensions in the Taiwan Strait, with Chinese cyberattacks against Taiwan becoming increasingly frequent. While previous attacks have primarily focused on government agencies, high-tech industries, and educational institutions, TIDrone’s activities signal a shift towards targeting Taiwan’s emerging defense technology sector.

Trend Micro’s investigation, based on numerous security incident reports from Taiwan, revealed that TIDrone has been consistently targeting the military supply chain. Analysis of malicious software on VirusTotal, a platform for malware analysis, indicates that Taiwan is not the only target of these hackers, raising concerns for other countries as well.

The researchers believe that TIDrone is likely employing supply chain attacks, exploiting the use of similar Enterprise Resource Planning (ERP) systems across various organizations to distribute malware.

The fact that TIDrone is specifically targeting drone manufacturers is concerning, said a Trend Micro spokesperson. Drones are becoming increasingly important in modern warfare, and any disruption to their production could have significant consequences for Taiwan’s defense capabilities.

While Trend Micro has not disclosed the specific methods employed by TIDrone, the company’s findings highlight the growing threat posed by Chinese cyber espionage.

North Korean Hackers Target Crypto Firms

Meanwhile, researchers have warned of North Korean hackers, particularly the Lazarus Group, targeting job seekers in the cryptocurrency industry. The hackers are using fake job postings to lure potential employees and deploy malware, aiming to steal cryptocurrency assets from targeted organizations.

Mandiant, a cybersecurity firm, has observed North Korean hackers posing as recruiters for development and finance roles. Once successful, they deploy malicious software to steal credentials from password managers, conduct reconnaissance on code repositories and specific files, and ultimately implant malware on the victim’s computer.

This tactic echoes the 2022 Ronin Network attack, where hackers stole over $600 million in cryptocurrency, highlighting the vulnerability of the Web3 and cryptocurrency environment to cyberattacks.

GeoServer Vulnerability Exploited in Attacks

In a separate incident, a critical vulnerability in GeoServer, a geographic information server, has been exploited by hackers to distribute backdoors and botnet malware. The vulnerability, CVE-2024-36401, allows attackers to execute arbitrary code remotely, with a CVSS score of 9.8.

Fortinet, a cybersecurity firm, has observed hackers using this vulnerability to spread malicious software like GoReverse and SideWalk. Additionally, attackers have attempted to use compromised GeoServer instances for cryptocurrency mining, deploying variants of the Mirai botnet and Conti ransomware.

SonicWall Firewall Vulnerability Under Attack

SonicWall has issued a warning about a critical vulnerability, CVE-2024-40766, in its SonicOS firewall operating system. This vulnerability allows attackers to gain unauthorized access to resources and potentially cause the firewall to crash.

While SonicWall has not disclosed the specific details of the attacks, the company has confirmed that the vulnerability has been exploited in real-world attacks.

GitHub Actions Vulnerable to Typosquatting Attacks

Researchers have discovered that GitHub Actions, a platform for automating workflows, can be exploited using typosquatting attacks. Hackers can create fake repositories with names similar to popular packages, tricking developers into using malicious code.

Orca Security, a cybersecurity firm, has demonstrated the feasibility of this attack, creating fake organizations and repositories with names that closely resemble commonly used strings. The researchers found that several developers referenced these fake repositories, highlighting the potential for widespread impact.
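
For teams that want to check their own workflows for this kind of mistake, the following is an added example (not from Orca Security or GitHub) that scans a workflow file's `uses:` references and flags owners that are a near-miss of an owner on a reviewed allowlist. The allowlist, the distance threshold and the misspelled owner names in the sample are assumptions constructed for illustration.

```python
import re

# Assumption: action owners your organisation has reviewed and trusts.
TRUSTED_OWNERS = {"actions", "docker", "github"}

# Matches "uses: owner/repo@ref" in a step, with or without a leading "- ".
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_lookalike_actions(workflow_text, trusted=TRUSTED_OWNERS, max_distance=2):
    """Return (reference, trusted_owner) pairs whose owner is a near-miss."""
    findings = []
    for ref in USES_RE.findall(workflow_text):
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images have no owner/repo
        owner = ref.split("/", 1)[0].lower()
        if owner in trusted:
            continue
        for good in sorted(trusted):
            if edit_distance(owner, good) <= max_distance:
                findings.append((ref, good))
                break
    return findings

# Constructed sample workflow; "actons" and "dokcer" are made-up misspellings.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actons/setup-node@v4
      - uses: ./.github/actions/local-lint
      - uses: dokcer/login-action@v3
      - uses: example-org/unrelated-action@v1
"""

if __name__ == "__main__":
    for ref, good in find_lookalike_actions(SAMPLE_WORKFLOW):
        print(f"{ref}: owner resembles trusted owner '{good}'")
```

Run as a pre-merge check over `.github/workflows/`, a finding should block the change until someone confirms the owner name is the intended one.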

Conclusion

These recent incidents underscore the evolving nature of cyber threats, targeting not only traditional sectors but also emerging technologies like drones and cryptocurrency. The need for robust cybersecurity measures, vigilance, and collaboration among governments and private organizations is paramount in mitigating these risks and safeguarding critical infrastructure.

