China–Taiwan tensions have led to a significant increase in cyber-attacks targeting Taiwan, according to a new report by security experts at Trellix.
In particular, the company spotted a surge in cyber-attacks aimed at Taiwanese industries, with the primary goal of deploying malware and stealing sensitive information.
“Trellix has observed a surge in malicious emails targeted towards Taiwan, starting April 7 and continuing until April 10. The number of malicious emails during this time increased to over four times the usual amount,” reads the report.
“Even though various industries were targeted during the surge, the most impacted industries in the respective time frame were networking/IT, manufacturing and logistics.”
Moreover, Trellix observed a significant rise in extortion emails targeting Taiwan government officials.
“Though it’s unclear if this activity is from China-backed threat actors, it speaks to a continued increase in attacks specifically targeting Taiwan.”
Trellix researchers identified different types of malicious email campaigns, including false payment overdue notifications, fake shipment notifications from reputable companies like DHL and fraudulent quotation request emails that contain malware-laden attachments.
Additionally, attackers have employed phishing pages and harmful URLs to trick users into revealing their login details.
One notable malware observed during these attacks is PlugX, a Remote Access Trojan (RAT) commonly associated with Chinese Advanced Persistent Threat (APT) groups.
Read more on PlugX: Black Basta Deploys PlugX Malware in USB Devices With New Technique
Trellix also reported instances of other malware families, such as Kryptik, Zmutzy and Formbook.
“It is crucial for everyone to remain vigilant and take necessary precautions to protect themselves from potential breaches,” reads the report.
“This includes adopting best practices for cybersecurity and staying informed about the latest threats.”
The Trellix report comes almost a year after Taiwan experienced distributed denial of service (DDoS) attacks on government websites following the visit of a senior US lawmaker.