China-linked APT10 Target Taiwan’s financial trading industry

Pierluigi Paganini February 22, 2022

China-linked APT group APT10 (aka Stone Panda, Bronze Riverside) targets Taiwan’s financial trading sector with a supply chain attack.

The campaign was launched by the APT10 group started in November 2021, but it hit a peak between 10 and 13 2022, Taiwanese cybersecurity firm CyCraft reported.

The group (also known as Cicada, Stone Panda, MenuPass group, Bronze Riverside, and Cloud Hopper) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper, targeting managed service providers (MSPs) in multiple countries worldwide. In November 2020, researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability.

According to CyCraft, nation-state attackers compromised the supply chain of software systems of financial institutions as part of a campaign codenamed Operation Cache Panda.

The attack caused “abnormal cases of placing orders.”

The attackers exploited a vulnerability in the web management interface of an unnamed security software firm in Taiwan and deployed a web shell to deliver the Quasar RAT on the target system.

Quasar RAT is available as an open-source tool on several public repositories, attackers use to avoid detection leveraging methods such as password protection and encoded macros. 

Quasar RAT has been used in the past by many hacking groups, including APT33APT10Dropping ElephantStone Panda, and The Gorgon Group.

Quasar RAT is a publicly available open-source remote access trojan (RAT) written in .NET. Its features include capturing screenshots, recording webcam, editing registry, keylogging, and stealing passwords.

The attack was uncovered amid the presentation of draft amendments to the National Security Act by Taiwan’s Parliament. The laws were proposed to contrast the economic and industrial espionage conducted by Bejing. The goal of Taiwanese authorities is to protect its semiconductor industry from Chinese industrial espionage.

“The Executive Yuan on Thursday approved draft amendments to the National Security Act that would make it a crime to engage in “economic espionage” or the unapproved use of critical national technologies and trade secrets outside of Taiwan. Sentences would be set at up to 12 years and 10 years in jail, respectively.” reported Nikkei Asia.

People that will use critical national technologies and trade secrets outside of the country without any government authorization could be sentenced up to a 12-year prison.

People and organizations that will support Chinese companies setting up operations in the country could face three years in prison or an up to NT$15 million fine.

“High-tech industry is the lifeline of Taiwan. However, the infiltration of the Chinese supply chain into Taiwan has become serious in recent years,” Lo Ping-cheng, minister without portfolio and spokesperson for the Executive Yuan, said at a news conference on Thursday. “They are luring away high-tech talent, stealing national critical technologies, circumventing Taiwan’s regulations, operating in Taiwan without approval and unlawfully investing in Taiwan, which is causing harm to Taiwan’s information technology security as well as the industry’s competitiveness.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, APT10)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment