Taiwan Opposition Hacked as China's Cyberspies Step Up Attacks

  • FireEye says media targeted by China-based cyberhackers
  • Gmail accounts of former U.S. diplomat, DPP staff were targets

Chinese hackers have attacked Taiwanese targets including local news organizations and the opposition Democratic Progressive Party in a bid to get information about policies and speeches ahead of presidential and legislative elections next month.

An attack on the unnamed media outlets came in the form of phishing e-mails with the subject line "DPP’s Contact Information Update," according to research by security company FireEye Inc., which identified a Chinese state-backed group called APT16 as carrying out attacks. Hackers also infiltrated e-mails of party staff, changing security protocols and writing messages spoofing the account holders in what may have been an attempt to deliver malicious code, according to one of the victims.

Taiwan goes to the polls Jan. 16 and opinion surveys show the DPP is likely to win a legislative majority, with its leader Tsai Ing-wen securing the presidency after eight years of nationalist Kuomintang rule. China, which considers Taiwan to be one of its provinces, is wary of the DPP’s views on Taiwan independence and advocacy of more caution in its relationship with the mainland.

As well as not wanting the DPP in power, China may want to understand the party better so as to undermine them with access to non-public information, FireEye Principal Threat Intelligence Analyst Jordan Berry said by phone. “There’s a lot of people in China who want and need information for their own intelligence purposes.”

Other Targets

China’s Ministry of Foreign Affairs didn’t reply to a faxed request for comment.

FireEye, based in California, provides malware and network-threat protection systems. After its Mandiant division alleged in February 2013 that China’s military may be behind a group that hacked at least 141 companies worldwide since 2006, the U.S. issued indictments against five military officials who were purported to be members of that group.

Another target in Taiwan appears to be former U.S. diplomat to Taiwan William Stanton, who said he’s received multiple warnings from Google Inc. that his Gmail account may be targeted by government hackers.

“If you were directed to this page from a warning displayed above your Gmail inbox, we believe that state-sponsored attackers may be attempting to compromise your account or computer,” the warning read without identifying the country. “It’s likely that you received emails containing malicious attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information.”

Increased Frequency

Stanton, who was director of the American Institute in Taiwan from 2009 to 2012 in a position akin to ambassador, told Bloomberg News he believes he’s being targeted because of his former role as well as his current position as Director of Taiwan’s National Tsing Hua University Center for Asia Policy.

While the DPP has been under attack for months, the frequency has picked up in the past few weeks, said Ketty Chen, deputy director of international affairs at the DPP, whose own account was compromised.

Chen was among as many as 50 DPP staff targeted by hackers and was alerted when she noticed inconsistencies in the writing style of a colleague in internal correspondence.

Suspicious E-mails

“There were fake e-mails that looked like they came from her,” Chen said. “When I read it, the style was not how she would talk so I called to ask if she really sent it, and she hadn’t.”

Chen received e-mails purporting to come from Tsai’s speechwriter and another from a member of the DPP’s cross-strait policy team. In each case the e-mail asked the recipient to open an attachment purporting to be a draft document. Hackers typically send e-mails to targets hoping they’ll open attachments loaded with malware that infiltrates their computers, providing links to colleagues’ computers and contacts.

With concerns over security of their work accounts, some DPP staff switched to Gmail, Chen said. Chen’s Gmail account was compromised when hackers turned off the two-step identification verification process by deleting her mobile number, and adding a forwarding address so that all incoming e-mails went to an external Gmail account.

The allegations come weeks after state-run Xinhua News Agency reported that an investigation into an alleged theft of data from the U.S. Office of Personnel Management had shown the attack was carried out by criminals, rather than being state-sponsored as previously suspected by the U.S. government. Cyberspace must not become a “battlefield” between states, President Xi Jinping said at an Internet conference Wednesday in Wuzhen, and he called for greater cooperation on punishing cyber-attacks and fighting terrorism.
