TAIPEI (Taiwan News) — A government-affiliated computer research institute was the target of a cyber-attack that lasted 11 days and compromised sensitive data, according to the cyber security firm Cisco Systems.
Cisco’s Talos group conducted a threat assessment of the attack and said with “moderate confidence” the attackers were affiliated with China’s state-sponsored hacker group known as APT41, thought to be based in Chengdu.
The hackers used an outdated version of Microsoft Office to facilitate the attack, Bloomberg reported. The operation was sophisticated and notable for using customized tools that helped attackers access the institute’s servers and avoid detection by security software.
Initial reporting did not reveal the name of the research institute that was targeted, the nature of the compromised data, or when exactly the attack took place. The threat actors likely had access to the research institute’s private servers as early as July 2023, with some reports suggesting the attack occurred soon after they gained access.
The incident highlights the increasing number of Chinese hackers targeting institutions in Taiwan, both public and private. Experts consider these incidents a component of China’s “gray zone” tactics, which Beijing employs to achieve its objective of challenging and eventually subjugating Taiwan.
The Talos group’s report on the incident details the tools the hackers used and how they were deployed.