What is the fuss about?
According to the Taiwan Investigation Bureau’s Cyber Security Investigation Office, hacking groups infiltrated at least around 10 Taiwanese government agencies and gained access to some 6,000 email accounts. Officials said the attack was carried out to steal data, and that its impact is still being assessed.
Is there any estimate of the damage done?
As reported by NDTV, Liu Chia-zung, the office’s deputy director, told AFP: “We know for sure that these 6,000 emails have been compromised. We are still assessing the extent of the damage.” He added that “as far as we know the damage done by this infiltration is not small.”
Why have the hackers targeted the Taiwanese government, and why do Taiwanese officials accuse China of being behind it?
Taipei has accused Beijing of running cyber campaigns against it since 2016. The main reason given for these campaigns is President Tsai Ing-wen, who refuses to accept Beijing’s insistence on its “One China” position. Tsai won re-election by a landslide in January, which is said to have intensified Beijing’s campaign of influence over the island. Tsai rejects the position that Taiwan is a part of China.
Beyond this background, Taiwan’s Cyber Security Investigation Office says that Blacktech and Taidoor, two Chinese hacking groups, have been found targeting Taiwanese government departments and ISPs since the beginning of 2018.
Beijing has also intensified its diplomatic and economic pressure on Taiwan, ramped up military drills near the island, and sent its military jets into Taiwan’s air defence zone with unusually high frequency over a period of a few months.
Another event that may have provoked Beijing is the visit of US Health Secretary Alex Azar to Taiwan, in response to which China warned Washington not to “play with fire.”
Who are the Blacktech and Taidoor hacking groups?
Blacktech is a cyber espionage group operating against targets in Taiwan, Japan and Hong Kong.
Motivation and targets: As observed by Trend Micro, this group is known for information theft and state-sponsored espionage, and has been seen targeting the financial, government, healthcare and technology sectors.
Involvement in cyber campaigns: Known for campaigns such as Operation Shrouded Crossbow, Operation PLEAD and Operation Waterbear, as well as attacks on the Taiwanese government since 2018.
Country of origin: Not yet known.
Taidoor is a cyber espionage group that has been seen actively targeting the Taiwanese government.
Motivation and targets: Known for information theft and espionage; the group has been active in targeting governments and government bodies.
Involvement in campaigns: According to Trend Micro, Taidoor attackers have been actively carrying out targeted attacks since 2009. Their campaigns have often used Taiwanese IP addresses for C&C servers and Taiwanese email addresses for social engineering, phishing and delivering malware as email attachments.
Country of origin: China
Tools developed: Taidoor malware
What should you do to avoid becoming a victim of such attacks?
What measures can you take to prevent such scenarios?
Data breaches, cyber attacks, data leaks, DDoS and the like can be quite damaging, not only to the finances of an organisation or individual but also to their reputation and standing in the industry. You might be targeted for many reasons: competition, espionage, revenge, or simply random selection because of poor security measures. There are no countermeasures that can help you once such an attack is under way, so it is always better to prepare: prevention is better than cure.
Here are some preventive steps you can take against such scenarios:
- Educate and train yourself and your employees against such attacks. Training against known attack procedures goes a long way.
- Do not open any email whose source cannot be trusted; report it to your administrators for further investigation.
- Back up all the data stored on your devices or servers. Offline backups are best, as they come in handy during such scenarios.
- Rely on good, trusted security tools and solutions. There is no room for compromise here, as they are guarding your business.
- Keep your private and work devices separate. If that is not possible, at least use separate user environments on the same device.
- Use a trusted VPN provider for your own and your organisation’s devices and network. Don’t fall into the free VPN trap: free VPNs usually don’t work well and store your information.
- Always keep your devices up to date. Install the latest patches and drivers, and only those released by your devices’ hardware manufacturer.
- Avoid websites whose identity cannot be verified. Many can be recognised by their shady UI and by offering paid software for free.
- Always listen to your IT security consultant and plan your steps accordingly. You may know your business well, but your IT security consultant knows your systems and network better.
- Never pay a ransom to ransomware operators. Paying gives no guarantee that you will get your data back, or that the operators will not publish or delete it.