Tag: taiwan

13 Attack Reports | 0 Vulnerabilities

Attack reports

Operation Dragon Weave: Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan Using Azure Cloud C2

A sophisticated cyber-espionage campaign attributed to China-linked actors targets officials and citizens in Czech Republic and Taiwan through spearphishing attacks. The operation deploys malicious ZIP archives containing dual infection paths that ultimately deliver AZUREVEIL, an Adaptix C2 agent. …
spearphishing
dll sideloading
taiwan
czech republic
china-linked
2026-05-29
adaptix
adaptix agent
azure cloud c2
azureveil
bof execution
rustcloak
Published: May 29, 2026
Downloadable IOCs: 12

New Lua-based malware LucidRook observed in targeted attacks against Taiwanese organizations

Cisco Talos observed a spear-phishing attack delivering LucidRook, a newly identified stager that targeted a Taiwanese NGO in October 2025. The metadata in the email suggests that it was delivered via authorized mail infrastructure, which implies potential misuse of legitimate sending capabilities.
spearphishing
taiwan
2026-04-08
lucidknight
lucidpawn
lucidrook
Published: April 8, 2026
Downloadable IOCs: 20

Massive Winos 4.0 Campaigns Target Taiwan

A series of targeted phishing campaigns in Taiwan have been observed disseminating Winos 4.0 (ValleyRat) malware and associated plugins. The attacks exploit local business processes using themes like tax audits and e-invoices. The campaigns employ various techniques including malicious LNK files, D…
apt
phishing
dll sideloading
valleyrat
taiwan
byovd
uac bypass
winos 4.0
2026-02-22
Published: February 22, 2026
Downloadable IOCs: 11

Yet Another Leak of China's Contractor-Driven Cyber-Espionage Ecosystem

The Knownsec leak exposes a state-aligned Chinese cyber contractor deeply integrated with national security and intelligence operations. Internal documents reveal Knownsec's role in developing offensive cyber capabilities, large-scale reconnaissance systems, and data fusion platforms for public sec…
china
cyber espionage
taiwan
critical infrastructure
contractor
2026-01-10
ghostx
passive radar
public security
un-mail
zoomeye
Published: January 10, 2026
Downloadable IOCs: 6

Inside the Kimsuky Leak: How the 'Kim' Dump Exposed North Korea's Credential Theft Playbook

A data breach attributed to a North Korean-affiliated actor known as "Kim" has provided new insights into Kimsuky (APT43) tactics and infrastructure. The actor's operations focus on credential-based intrusions targeting South Korean and Taiwanese networks, utilizing Chinese-language tools and infra…
phishing
north korea
rootkit
south korea
credential theft
taiwan
ocr
2025-09-08
hybrid attribution
vmmisc.ko
gpki
Published: September 8, 2025
Downloadable IOCs: 11

Disruption of Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan

Earth Ammit, a Chinese-linked threat actor, conducted two campaigns targeting drone supply chains in Taiwan and South Korea from 2023 to 2024. The VENOM campaign focused on software service providers using open-source tools, while TIDRONE targeted military industries with custom malware. Their tact…
south korea
taiwan
supply chain attack
2025-05-13
drone industry
venom campaign
custom backdoor
screencap
fiber-based
clntend
venfrpc
cxclnt
tidrone campagin
military sector
Published: May 13, 2025
Downloadable IOCs: 29

Targeting Taiwan & Japan with DLL Implants

A newly discovered APT campaign dubbed Swan Vector is targeting educational institutes and mechanical engineering industries in Taiwan and Japan. The attack uses a sophisticated multi-stage infection chain involving malicious LNK files, DLL implants (Pterois and Isurus), and Cobalt Strike payloads.…
apt
cobalt strike
dll sideloading
taiwan
multi-stage attack
japan
2025-05-12
google drive
isurus
pterois
dll implants
Published: May 12, 2025
Downloadable IOCs: 16

CrazyHunter Campaign Targets Taiwanese Critical Sectors

The CrazyHunter ransomware group has emerged as a significant threat, specifically targeting Taiwanese organizations in healthcare, education, and industrial sectors. The group employs sophisticated techniques, including the Bring Your Own Vulnerable Driver (BYOVD) method, to bypass security measur…
ransomware
taiwan
byovd
prince ransomware
2025-04-16
zammocide
prince ransomware builder
critical sectors
open-source tools
gpo exploitation
Published: April 16, 2025
Downloadable IOCs: 9

APT Targets NetEase 163.com Users with Fake Download Pages & Spoofed Domains

The GreenSpot Advanced Persistent Threat group, operating from Taiwan since 2007, is targeting users of NetEase's 163.com email service. The group employs sophisticated phishing techniques, including spoofed domains and fake download pages, to steal login credentials. Researchers identified domains…
apt
phishing
credential theft
taiwan
spoofed domains
2025-02-05
fake download pages
163.com
netease
Published: February 5, 2025
Downloadable IOCs: 9

SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Threat actors are exploiting old Microsoft Office vulnerabilities using SmokeLoader, a modular malware loader, to steal browser credentials. The campaign targets manufacturing, healthcare, and IT companies in Taiwan, utilizing CVE-2017-0199 and CVE-2017-11882 to execute remote code and deploy malic…
phishing
plugins
credential theft
smokeloader
CVE-2017-0199
CVE-2017-11882
taiwan
modular malware
2024-12-03
microsoft office
vulnerabilities
andeloader
Published: December 3, 2024
Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199
Downloadable IOCs: 28

Threat actors use copyright infringement phishing lure to deploy infostealers

An unknown threat actor is conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The campaign uses emails impersonating legal departments, claiming copyright infringement to lure victims into downloading malware. The attackers abuse Google's Appspot dom…
obfuscation
phishing
evasion
lummac2
rhadamanthys
infostealer
taiwan
2024-10-31
facebook
copyright
Published: October 31, 2024
Downloadable IOCs: 0

Evasive Panda scouting cloud services

CloudScout is a post-compromise toolset used by Evasive Panda to target a Taiwanese government entity and religious organization between 2022 and 2023. The toolset can retrieve data from various cloud services using stolen web session cookies. It works with MgBot, Evasive Panda's malware framework,…
apt
china
cyberespionage
taiwan
mgbot
cloud services
2024-10-28
nightdoor
cookie theft
cloudscout
Published: October 28, 2024
Downloadable IOCs: 17

Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation

Chinese state-sponsored cyber-espionage group RedJuliett continues to target Taiwanese government, academic, technology companies and de facto embassies, according to a new report from Insikt Group.
softether vpn
2024-06-24
taiwan
redjuliett
beijing
laos
kenya
rwanda
Published: June 24, 2024
Downloadable IOCs: 11
Click here to see more Attack Reports