Mandarin-speaking Taiwan, though self-governing, is considered by China to be a “renegade province.” In addition to being subjected to constant claims of ownership by the mainland, it’s also being used as a cyber-punching bag to test out new malware approaches.
"We've seen everything," Jim Liu, founder of Taiwanese internet security company Lucent Sky, told Reuters. "We'll see a specific attack signature here, and then six months later see the same signature in an attack on the States."
Security company Mandiant has maintained that a Chinese military unit has been engaging in a constant stream of cyber-espionage directed at high-value US targets. In a report earlier in the year, it set out several tactics commonly in use by the hackers: unique tactics that Taiwan experts say they experienced several years earlier.
Reuters reported that a 2003 attack on a Taiwanese police agency resulted in the theft of a raft of personal data, including household registration information, from its computer system. The unique aspect of the attack was its stealth: to avoid detection, the malware was designed not to disrupt business as usual. This is a tactic that has been tightly linked with Chinese attempts on American targets, experts said.
Fast-forward to the present day, and new attacks being mounted against Taiwan use spear-phishing email to initiate advanced persistent threats. Mails containing malicious files are crafted to have users click on a relevant “document”, thus executing the installation of a backdoor that allows access to the system.
US researchers continue their claims that targeted attacks are on the rise. Trend Micro noted that more often than not, the modern technically competent attacker will use zero-day malware exploiting zero-day vulnerabilities, delivered through compelling, socially engineered spear phishing. It is a route that will almost inevitably defeat firewalls and anti-virus defenses.
"One thing that indicates government support for these attacks is just the sheer volume – how many agencies are being attacked on a daily basis," said Benson Wu, co-founder of Xecure Lab, speaking to Reuters.
Another expert told the news service that thousands of Taiwanese high-level government employees receive as many as 20 to 30 of these emails a month. Earlier in the year, the Taiwan National Security Bureau (NSB) said that it encountered more than three million hacking attempts from China in the space of 12 months.
China denies all claims that the nation is engaged in state-sponsored hacking, but Taiwan sources say they have evidence very much to the contrary. The NSB said that it believes China to have extended its cyber-army to more than 100,000 people, with a budget in excess of $2.71 million per year to carry out hacking activities.
"We've been following these Chinese hackers for so long, we can track their daily work schedule," one unidentified source told Reuters. "People expect hackers to be night owls, but these guys work very normal hours - on Chinese national holidays, for example, we don't see any hacking activity at all."
If the experts are correct, the most effective of those attacks will be making their way to US shores very soon.