Taiwan Ruling Party’s Website Hacked in Cyberspying Campaign

  • FireEye didn’t identify hackers, but Chinese used tool before
  • DPP members came under attack before January’s election

The website of Taiwan’s ruling Democratic Progressive Party has come under attack from cyberspies seeking to profile visitors to the site, part of a campaign to get information about the party’s policies following its election victory in January, according to a U.S. cybersecurity researcher.

On at least two separate occasions in April, the DPP’s website redirected visitors to a spoof online address that hosted a malicious script. That script likely profiled them and selected candidates for additional cyber-attacks, according to research by security company FireEye Inc., which said in a statement it hadn’t attributed the operation to a specific threat group.

The DPP won elections Jan. 16 and its leader Tsai Ing-wen secured the presidency after eight years of nationalist Kuomintang rule. China, which considers Taiwan to be one of its provinces, is wary of the DPP’s views on Taiwan independence and advocacy of more caution in its relationship with the mainland.

FireEye said it has detected China-based cyber-espionage groups using the spoof website tool before, and that its use against Taiwanese political targets suggests the actors behind the present campaign are supported by mainland Chinese sponsors.

“Taiwan’s public and private sector need to bring together the technology, expertise and threat intelligence to detect and then respond to advanced cyber attacks,” said Michael Chue, general manager for the Greater China region at FireEye.

The DPP’s site was first compromised on April 7 and its administrators appeared to fix it on April 8, according to FireEye. On April 13, it came under attack again, suggesting “a threat group may be continually monitoring the site due to its importance as a strategic espionage target,” FireEye said. The attack was again repelled, it said.

FireEye said it expects a sustained hacking campaign against DPP politicians and associated organizations. In addition to domestic victims, it is probable that international non-governmental organizations, diplomatic agencies and other global entities could also be affected by this campaign, it said.

DPP spokesman Wang Min-sheng declined to comment on the April incidents reported by FireEye, but added that the party’s website hasn’t experienced any “major systematic attacks” recently. The DPP isn’t a customer of FireEye’s, he said.

FireEye said its intelligence team noticed the compromised website, and that the company hadn’t been hired by the DPP to investigate the attacks.

The DPP, along with local news organizations, came under attack in the lead-up to the elections, FireEye said in December. Individual party members also said they had evidence their personal e-mails had been hacked.

FireEye, based in California, provides malware and network-threat protection systems. After its Mandiant division alleged in 2013 that China’s military may be behind a group that hacked at least 141 companies worldwide since 2006, the U.S. issued indictments against five military officials who were purported to be members of that group.
