
China-linked APT10 targets Taiwan’s financial trading industry

China-linked APT group APT10 (aka Stone Panda, Bronze Riverside) targets Taiwan’s financial trading sector with a supply chain attack.

The campaign by the APT10 group started in November 2021, but it hit a peak between 10 and 13 2022, Taiwanese cybersecurity firm CyCraft reported.

The group (also known as Cicada, Stone Panda, MenuPass group, Bronze Riverside, and Cloud Hopper) has been active since at least 2009. In April 2017, experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper, targeting managed service providers (MSPs) in multiple countries worldwide. In November 2020, researchers uncovered a large-scale campaign conducted by China-linked APT10 that targeted businesses by exploiting the then recently disclosed ZeroLogon vulnerability.

According to CyCraft, nation-state attackers compromised the supply chain of software systems of financial institutions as part of a campaign codenamed Operation Cache Panda.

The attack caused “abnormal cases of placing orders.”

The attackers exploited a vulnerability in the web management interface of an unnamed security software firm in Taiwan and deployed a web shell to deliver the Quasar RAT on the target system.

Quasar RAT is available as an open-source tool on several public repositories; attackers using it avoid detection by leveraging methods such as password protection and encoded macros.

Quasar RAT has been used in the past by many hacking groups, including APT33, APT10, Dropping Elephant, Stone Panda, and The Gorgon Group.

Quasar RAT is a publicly available open-source remote access trojan (RAT) written in .NET. Its features include capturing screenshots, recording webcam, editing registry, keylogging, and stealing passwords.

The attack was uncovered amid the presentation of draft amendments to the National Security Act by Taiwan’s Parliament. The laws were proposed to counter the economic and industrial espionage conducted by Beijing. The goal of Taiwanese authorities is to protect the country’s semiconductor industry from Chinese industrial espionage.

“The Executive Yuan on Thursday approved draft amendments to the National Security Act that would make it a crime to engage in “economic espionage” or the unapproved use of critical national technologies and trade secrets outside of Taiwan. Sentences would be set at up to 12 years and 10 years in jail, respectively.” reported Nikkei Asia.

People who use critical national technologies and trade secrets outside of the country without any government authorization could be sentenced to up to 12 years in prison.

People and organizations that support Chinese companies setting up operations in the country could face three years in prison or a fine of up to NT$15 million.

“High-tech industry is the lifeline of Taiwan. However, the infiltration of the Chinese supply chain into Taiwan has become serious in recent years,” Lo Ping-cheng, minister without portfolio and spokesperson for the Executive Yuan, said at a news conference on Thursday. “They are luring away high-tech talent, stealing national critical technologies, circumventing Taiwan’s regulations, operating in Taiwan without approval and unlawfully investing in Taiwan, which is causing harm to Taiwan’s information technology security as well as the industry’s competitiveness.”

Pierluigi Paganini

(SecurityAffairs – hacking, APT10)
