6 September 2022

China-Taiwan military tension fuels an active cyberwar

Vilius Petkauskas

After tensions between China and Taiwan did not materialize into a larger military conflict in August, the world breathed a sigh of relief. Yet while guns are silent, keyboards are not.

Cyber activity between China and Taiwan is marked by multi-vector attacks, similar to what experts witnessed happening between Russia and Ukraine, researchers at threat intelligence firm Cyberint say.

A recent report shows that tensions in the cyber realm are high, and the number of national-level cyberattacks affecting China and Taiwan has recently increased significantly.

According to the Cyberint Research Team, the increasing number of cyberattacks will attract more competing hacking groups, increasing the risk of the heated conflict spiraling out of control in the cyber realm.

“It's safe to assume that if the tension will continue, more will join the game, and as a result, more powerful threat actors will choose sides and show their abilities. Thus leading to an escalation that we have seen on Russia-Ukraine as well,” researchers told Cybernews.

Tsunami in the forums

According to the researchers, one indicator of increased activity is the growing number of comments on Chinese and Taiwanese breaches in cybercriminal leak forums. The number of comments on Chinese data leaks in July grew four times compared to June.

The leak of a massive dataset from the Shanghai police, allegedly containing data on a billion people, is partly to blame for the increase in comment traffic. However, that’s far from the only China-based leak that appeared in criminal forums.

The report claims that hackers tried to sell Shanghai Suishenma QR code data on 48.5M unique users. The data could theoretically allow threat actors to trace every user since January 2022.

The number of comments under data leaks from Taiwanese companies also grew several times in July. While the pace of growth decreased in August, the number of comments was at least twice as high as in the first month of summer.

“The breaches include major nation-state and nation-related companies, which we saw only a few previously,” reads the report.

Taking sides

Researchers also noted increased pressure on Chinese organizations from hacker groups taking sides in light of Russia’s war in Ukraine.

Groups such as AgainstTheWest, KelvinSecurity, Anonymous, and others have set their sights on China due to Beijing’s ambiguous support for Russia’s efforts.

“Western threat actors have already embedded themselves into this major conflict and have started breaching whatever stands in their way. This has drawn both countries deeply into the western cybercriminal forums,” reads the report.

The report’s authors see a shifting cyber landscape that sprang to life after the war in Ukraine broke out. While attacking Russia and China was considered taboo in the past, cyberattacks against sensitive websites, governmental entities, or any additional state-related services are becoming the norm.

The new modus operandi could eventually lead to a steady escalation from smaller cyberattacks targeted at government websites to more harmful incidents involving critical infrastructure.

“The battle between both countries has already begun, digital warfare is here, and we see the proliferation of ricochets,” the report’s authors claim.

Lessons learned

Even though the conflict between China and Taiwan hasn't reached temperatures seen in the Russo-Ukrainian war, Cyberint researchers believe there are lessons the Asian nations can draw from it.

For one, hacktivists will likely side with the 'underdog' of the conflict, which in this particular case is Taiwan.

If the cyber conflict between Taiwan and China comes to resemble events in Ukraine, China should prepare its infrastructure to withstand a flood of distributed denial-of-service (DDoS) attacks.

After the Kremlin's troops poured into Ukraine, several hacktivist groups launched numerous DDoS attacks on Russian service providers, disrupting financial services and shutting down media outlets.

"We would assume that China will be much harder to compromise given the fact that they have had a great use case to learn from in Russia-Ukraine, which means they are prepared for these types of attacks," researchers told Cybernews.

They claim that the Chinese energy sector might be the primary target of hackers supporting Taiwan. Meanwhile, China-affiliated hacker groups would likely use Beijing's vast resources to carry out data theft, espionage operations, and other sophisticated cyberwarfare campaigns against Taiwan.
