Chinese-linked cyber actors appear to have made a massive, last-minute push to try to derail Taiwan’s recent elections, though the precise goals of the sudden campaign — and the extent to which the attacks succeeded — remain unclear.
A new report Tuesday by the U.S.-based cybersecurity firm Trellix found what researchers described as a significant spike in activity, with attacks on Taiwanese organizations more than doubling in the 24-hour period before Taiwan’s January 13 election.
“Malicious cyber activity rose significantly from 1,758 detections on January 11 to over 4,300 on January 12,” the report said.
Most of the attacks appeared to focus on government offices, police departments, and financial institutions, with the attackers targeting internal communications, police reports, bank statements and insurance information.
Then, almost as suddenly as they came, the attacks seemed to wane, with just over 1,000 attacks detected on election day itself.
“The pattern of the attack is unusual,” Trellix’s Anne An told VOA.
“We see a lot of Chinese APTs [advanced persistent threat actors] that, after they get in, they stay low, maintain persistence,” said An, Trellix’s lead threat intelligence researcher. “We don’t see this crazy spike.”
Trellix is continuing to review the data. But An said one explanation could be a sense of desperation by the Chinese threat actors to find a way to impact the Taiwanese election.
They may well have been “going in with a last effort, trying to dig in the financial information, the policing records and the government internal communications, trying to figure out if there’s anything they can grab,” she said.
But if the goal was to change how Taiwanese citizens voted or to induce some sort of panic as the vote was being counted, it would seem the Chinese-linked hackers failed.
Rumors about election fraud were quickly debunked and dismissed by what some analysts described as a “whole of society response,” making use of government agencies, independent fact-check organizations and even social media influencers.
“Find it early, like a tumor or cancer. Cut it before it spreads,” Taipei’s economic and cultural representative to the U.S., Alexander Tah-Ray Yui, told The Associated Press last month.
Still, the Trellix report says the danger to Taiwan may not be over. It warns that the spike in attacks on the day before Taiwan’s elections may be part of a longer-term strategy by the Chinese-linked threat actors.
“The same set of data also shows that threat actors operating behind these malicious activities leverage a number of living-off-the-land tools,” the report said.
Living-off-the-land attacks, which rely on legitimate tools already present on a system rather than on custom malware, allow hackers to infiltrate a computer network or system and hide, quietly stealing additional data or positioning themselves to launch a disruptive attack at a more opportune time.
And it is a tactic that has worried cybersecurity officials in the United States, prompting the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to issue a threat advisory to U.S. companies just last week.
A China-linked hacker group known as Volt Typhoon has been “positioning itself to launch destructive cyberattacks that would jeopardize the physical safety of Americans,” the advisory warned.
And CISA director Jen Easterly warned last month that the Chinese strategy is likely closely linked to Taiwan.
Beijing’s goal would be to “incite societal panic and chaos, and to deter our ability to marshal military might,” especially in case of a conflict over Taiwan, she told lawmakers.
China has rejected such accusations, accusing U.S. officials of “making irresponsible criticism” when Washington itself is guilty of such behavior.
“We urge the U.S. side to stop,” Liu Pengyu, spokesperson for the Chinese Embassy in Washington, told VOA in an email in response to the CISA director’s warnings.