TAIPEI (Taiwan News) — Following an FBI alert about China-backed malicious cyber activity, Taiwan's Ministry of Justice Investigation Bureau is warning of a threat from two hacking groups backed by the Chinese government and has revealed a list of 11 domain names that government-linked agencies and businesses should block.
The bureau on Wednesday (Aug. 19) suggested that Taidoor and Blacktech — two hacking groups linked to the Chinese government — have often infiltrated government agencies and their contracted information service providers. A poor network architecture resulting from insufficient investment in cybersecurity solutions makes them vulnerable to cyber attacks, it stated.
The hackers targeted loopholes in the systems of Taiwan government information service providers, and then sneaked into the remote desktop shared by government agencies to steal secrets or personal information. Government agencies have been asked to increase scrutiny of their service providers.
On Thursday (Aug. 20), the bureau listed 11 malicious domain names that should be blocked by government-linked organizations.
Earlier this month, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said Taidoor, a Chinese remote access trojan, had been used to carry out espionage work in the country. Users and administrators are advised to review the updated Malware Analysis Report to enable network defense and reduce exposure to the Chinese government's malicious cyber activity.
In 2012, Taiwanese data security provider Trend Micro discovered the Taidoor campaign, which uses a spear-phishing email to infect target computers at government agencies, corporate entities, and think tanks with interests in Taiwan, in order to steal confidential information. The constantly evolving malware was believed to have been active since 2008 and remains active today.