Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks

May 18, 2023 | Ravi Lakshmanan | Cyber War / Intel Threat


In recent months, rising geopolitical tensions between China and Taiwan have led to a notable increase in cyberattacks against the East Asian island nation.

“From malicious emails and URLs to malware, the tension between China’s territorial claim to Taiwan and its preservation of Taiwan’s independence is a worrying attack,” the Trellix Advanced Research Center said in a new report, “is developing rapidly.”

Attacks targeting various sectors in the region were primarily aimed at delivering malware and stealing sensitive information, the cybersecurity firm said, adding that it detected a four-fold spike in malicious email volume between April 7 and April 10, 2023.

The industries most affected over the four days included networks, manufacturing and logistics.

Additionally, the surge in malicious emails targeting Taiwan was followed by a 15-fold increase in PlugX detections between April 10 and April 12, 2023, indicating that the phishing lures served as the initial access vector to drop the payload.

PlugX is a remote access trojan that has been in the wild since 2008. It is a Windows backdoor used by numerous Chinese attackers to gain control of victim machines, and it is known to employ DLL sideloading techniques to stay under the radar.


“This technique consists of a legitimate program loading a malicious dynamic link library (DLL) file disguised as a legitimate DLL file,” Trellix researchers Daksh Kapur and Leandro Velasco said.

“This makes it possible to execute arbitrary malicious code, circumventing security measures that look for malicious code run directly from executables.”
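A defender can look for this pattern in module-load telemetry. The following is an added example, not taken from the Trellix report or the original article: it flags a signed program that loads an unsigned DLL from its own directory outside the standard install paths. Field names follow Sysmon Event ID 7, `ImageSigned` is a hypothetical enrichment field, and all events are constructed.

```python
from ntpath import basename, dirname, normcase

# Install locations that normally require administrator rights to write to.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def is_suspicious_load(event):
    """True when a signed program loads an unsigned DLL sitting beside it
    in a directory outside the standard install locations."""
    exe = normcase(event["Image"])
    dll = normcase(event["ImageLoaded"])
    same_dir = dirname(exe) == dirname(dll)
    outside_trusted = not dll.startswith(TRUSTED_ROOTS)
    dll_unsigned = event["Signed"] != "true" or event["SignatureStatus"] != "Valid"
    # ImageSigned is a hypothetical enrichment field (signature of the loading
    # process); Sysmon Event ID 7 itself only reports the loaded module's signature.
    return bool(event["ImageSigned"]) and same_dir and outside_trusted and dll_unsigned

def find_sideload_candidates(events):
    """Return (program, dll) name pairs worth an analyst's review."""
    return [(basename(e["Image"]), basename(e["ImageLoaded"]))
            for e in events if is_suspicious_load(e)]

def _event(image, loaded, signed, status, image_signed=True):
    return {"Image": image, "ImageLoaded": loaded, "Signed": signed,
            "SignatureStatus": status, "ImageSigned": image_signed}

# Constructed sample events; all paths and file names are made up.
TEMP = "C:\\Users\\alice\\AppData\\Local\\Temp\\update\\"
SAMPLE_EVENTS = [
    _event(TEMP + "vendor_tool.exe", TEMP + "helper.dll", "false", "Unavailable"),
    _event(TEMP + "vendor_tool.exe", "C:\\Windows\\System32\\version.dll", "true", "Valid"),
    _event("C:\\Program Files\\App\\app.exe", "C:\\Program Files\\App\\plugin.dll", "false", "Unavailable"),
    _event(TEMP + "vendor_tool.exe", TEMP + "vendor_core.dll", "true", "Valid"),
    _event(TEMP + "unknown.exe", TEMP + "stage.dll", "false", "Unavailable", image_signed=False),
]

if __name__ == "__main__":
    for program, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"review: {program} loaded unsigned {dll} from its own directory")
```

The heuristic surfaces candidates for triage rather than confirmed sideloading, since some legitimate software ships unsigned DLLs alongside its executable.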


Besides PlugX, Trellix said it has also identified other malware families targeting the nation, such as the Kryptik trojan and stealers such as Zmutzy and FormBook.

“Over the past few years, we have realized that geopolitical conflict is one of the leading drivers of cyberattacks against various industries and institutions,” said Joseph Tal, senior vice president of Trellix Advanced Research Center.

“Monitoring geopolitical events can help organizations anticipate cyberattacks in the countries in which they operate.”
