State-Sponsored Chinese Hackers Increase Attacks on Taiwan

A hacking group with suspected ties to the Chinese government has been stepping up its attacks on organizations in Taiwan, particularly those in the government, diplomacy, technology, and education sectors, a cybersecurity company said.

According to a June 24 report from Recorded Future, cyberattacks on Taiwanese organizations by a hacker group called RedJuliett increased in the months leading up to Taiwan’s presidential elections in January and continued through April during the transition of power.

While the hacking group has targeted Taiwan in the past, it was never on such a large scale, one Recorded Future analyst said.

RedJuliett launched cyberattacks on 24 organizations, not only in Taiwan but also on government agencies in Kenya, Laos, and Rwanda. The group also targeted the websites of religious organizations in both South Korea and Hong Kong, as well as a university in the United States and one in Djibouti.

The hackers accessed servers using a vulnerability in the SoftEther enterprise VPN software, Recorded Future said.

From November 2023 to April 2024, analysts observed RedJuliett attempting to hack over 70 organizations in Taiwan, including a facial recognition company with government contracts, three universities, and an optoelectronics company.

According to Recorded Future, the hacking patterns used by RedJuliett match those used by Chinese state-sponsored hackers.

The cybersecurity company determined that, based on the geolocations of IP addresses, RedJuliett likely operates out of the city of Fuzhou in the southern province of Fujian.

Fuzhou is along the coast of the Strait of Taiwan.

Given Fuzhou’s proximity to the island nation, Chinese intelligence services in the city are “likely tasked with intelligence collection against Taiwanese targets,” Recorded Future said.

It concluded that RedJuliett is also targeting Taiwan for intelligence collection to “support Beijing’s policy-making on cross-strait relations.”

When asked about the report, Chinese Foreign Ministry spokeswoman Mao Ning dismissed Recorded Future, saying that the cybersecurity company lacked “professionalism” and “credibility.” Mao said that Recorded Future had a history of fabricating “disinformation” on alleged Chinese hacking operations.