Chinese-speaking hackers disrupt drone supply chains in Taiwan, researchers say

A cyber espionage group, suspected to have Chinese connections, has conducted supply chain attacks targeting software providers, military, and critical infrastructure in Taiwan and South Korea. These campaigns aimed to infiltrate high-value networks, resulting in data theft and espionage activities.
Affected: software service providers, military, satellite, heavy industry, media, technology, healthcare, critical infrastructure networks.

Keypoints

  • A suspected Chinese-linked cyber espionage group, Earth Ammit, targeted supply chains in Taiwan and South Korea from 2023 to 2024.
  • The group launched two main campaign waves, Venom and Tidrone, affecting industries such as military, satellite, technology, and healthcare.
  • Earth Ammit aimed to compromise trusted vendor networks to access high-value targets and expand their espionage reach.
  • The group used open-source tools in their initial campaign and customized backdoors for targeted cyber espionage in later operations.
  • Both campaigns shared infrastructure and targeted the same victims, indicating sustained focus on specific entities.
  • Attackers’ tactics and target profiles resemble those of suspected Chinese state actors, though definitive links are unconfirmed.
  • Other Chinese-affiliated groups exploited vulnerabilities in SAP NetWeaver to target critical infrastructure across multiple countries.

Read More: https://therecord.media/chinese-hackers-target-taiwan-military-sector