The rising geopolitical tensions between China and Taiwan have led to an increase in cyber attacks on Taiwan. Cybersecurity firm Trellix detected a four-fold jump in the volume of malicious emails between April 7 and April 10, 2023. The attacks, which have targeted a variety of sectors in the region, are mainly designed to deliver malware and steal sensitive information.
Some of the most impacted industry verticals during the four-day time period were networking, manufacturing, and logistics. The spike in malicious emails targeting Taiwan has been followed by a 15x increase in PlugX detections between April 10 and April 12, 2023. PlugX is a remote access trojan that has been used by numerous Chinese threat actors to control victim machines.
Trellix researchers Daksh Kapur and Leandro Velasco say that PlugX employs DLL side-loading techniques to fly under the radar. This technique consists of a legitimate program loading a malicious dynamic link library (DLL) file that masquerades as a legitimate DLL file.
This allows the execution of arbitrary malicious code bypassing security measures that look for malicious code running directly from an executable file.
Besides PlugX, Trellix says it also identified other malware families such as the Kryptik trojan as well as stealers like Zmutzy and FormBook targeting Taiwan.
Joseph Tal, senior vice president of the Trellix Advanced Research Center, says that geopolitical conflicts are one of the main drivers for cyber attacks on a variety of industries and institutions. He says that monitoring geopolitical events can help organizations to predict cyber attacks in countries they operate in.
