Taiwan, US nail Chinese hackers behind mass cyberattacks

US thanks Taiwan for offering information on hackers using California-based servers

Investigation Bureau Director-General Leu Weng-jong and FBI representative in Taiwan Nicholas Garcia (CNA photo)

TAIPEI (Taiwan News) — Taiwan’s crime investigation authorities held a press conference on Friday (Sept. 18) to talk about the role they played in the U.S. Department of Justice's busting of a string of cyber attacks, which led to the indictment of five Chinese hackers.

At least two oil companies in Taiwan suffered ransomware attacks in May that saw their servers and personal computers compromised. Operations were disrupted and there were losses, according to the Ministry of Justice Investigation Bureau (MJIB).

The investigative bureau found the perpetrators were linked to Winnti Group, more often referred to as the infamous APT-41. The bureau identified the virtual private servers they set up in California and forwarded the information to the U.S. authorities.

On Wednesday (Sept. 16), the U.S. Justice Department announced five Chinese nationals had been charged with cyber attacks targeting more than 100 institutions and individuals around the world. Among the incidents listed in the indictment was an attack on a Taiwanese energy firm on May 4, which affected its payment systems.

A research university and a telecommunications company in Taiwan were also victims of the malware attacks launched by APT-41. In the case of the university, more than 67,000 student photos, together with their filenames, were leaked; this, along with attacks targeting Hong Kong pro-democracy activists, pointed to the possible involvement of the Chinese government, the AP reported.

APT-41 employs sophisticated techniques, including breaking into protected computers, installing ransomware, and encrypting the compromised machines, said MJIB.

The U.S. indictment also revealed the operations of the crime ring Chengdu 404 Network Technology (Chengdu 404), which is associated with three of the fugitives being charged. The group is known for carrying out "supply chain attacks," in which the hackers compromise software providers' networks, modify their code, and then mount further attacks on those providers' customers.

Chinese hackers charged by US (Twitter, FBI image)