“From malicious emails and URLs to malware, the strain between China’s claim of Taiwan as part of its territory and Taiwan’s maintained independence has evolved into a worrying surge in attacks,” the Trellix Advanced Research Center said in a new report.
The attacks, which have targeted a variety of sectors in the region, are mainly designed to deliver malware and steal sensitive information, the cybersecurity firm said, adding it detected a four-fold jump in the volume of malicious emails between April 7 and April 10, 2023.
Some of the most impacted industry verticals during the four-day time period were networking, manufacturing, and logistics.
What’s more, the spike in malicious emails targeting Taiwan has been followed by a 15x increase in PlugX detections between April 10 and April 12, 2023, indicating that the phishing lures acted as an initial access vector to drop additional payloads.
PlugX, a remote access trojan spotted in the wild since 2008, is a Windows backdoor that has been put to use by numerous Chinese threat actors to control victim machines. It’s also known for employing DLL side-loading techniques to fly under the radar.
“This technique consists of a legitimate program loading a malicious dynamic link library (DLL) file that masquerades as a legitimate DLL file,” Trellix researchers Daksh Kapur and Leandro Velasco said.
“This allows the execution of arbitrary malicious code bypassing security measures that look for malicious code running directly from an executable file.”
“In the past few years, we noticed that geopolitical conflicts are one of the main drivers for cyber attacks on a variety of industries and institutions,” Joseph Tal, senior vice president of the Trellix Advanced Research Center, said.
“Monitoring geopolitical events can help organizations to predict cyber attacks in countries they operate in.”