Chinese hackers have stepped up attacks on Taiwanese organizations, cybersecurity firm says

HONG KONG (AP) — A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy, according to cybersecurity intelligence company Recorded Future.

In recent years, relations between China and Taiwan, a self-governed island across the Taiwan Strait that Beijing claims as its territory, have deteriorated. The cyberattacks by the group known as RedJulliett were observed between November 2023 and April 2024, during the lead up to Taiwan’s presidential elections in January and the subsequent change in administration.

RedJuliett has targeted Taiwanese organizations in the past, but this is the first time that activity was seen at such a scale, a Recorded Future analyst said, speaking on condition of anonymity out of safety concerns.

The report said RedJuliett attacked 24 organizations, including government agencies in places like Laos, Kenya and Rwanda, as well as Taiwan.

It also hacked into websites of religious organizations in Hong Kong and South Korea, a U.S university and a Djiboutian university. The report did not identify the organizations.

Recorded Future said RedJuliett accessed the servers of those places via a vulnerability in their SoftEther enterprise virtual private network (VPN) software, an open-source VPN that allows remote connections to an organization’s networks.

RedJuliett has been observed attempting to break into systems of more than 70 Taiwanese organizations including three universities, an optoelectronics company and a facial recognition company that has contracts with the government.

It was unclear if RedJuliett managed to break into those organizations: Recorded Future only