Big Time! Taiwan authorities have attempted to steal information on our military exercise plans
On May 5, the National Computer Virus Emergency Response Center and other departments released a new report showing that in the context of the “United Sword” series of exercises carried out by the People’s Liberation Army in the Eastern Theater of operations, the hacker organization supported by the Taiwan Democratic Progressive Party (DPP-RRB- authoritieZitongtElectricitycArmyarmy” has launched targeted phishing email attacks targeting maritime-related units in our coastal areas, attempted to prejudge the PLA’s operational plan by stealing maritime-related information.
The National Computer Virus Emergency Response Center, the National Engineering Laboratory of Computer Virus Technology and 360 Digital Security Group jointly released a report on the investigation of cyber attacks by hackers from the Zitong Electric Army of the Democratic Progressive Party of Taiwan (DPP) on Friday, in-depth exposure of Taiwan’s DPP authorities, “Zitongdian Army” of the historical background, organizational structure, personnel composition, workplace, work tasks and cyber attacks, and other insider information.
According to the report, the “Zitong army”, or “The headquarters of the Zitong Army of the Ministry of Defence”, is the “Fourth military service” that Tsai Ing-wen has been building with the support of the US Military since taking office, its predecessor was attached to the cyber unit of the Taiwan authorities’ “Tiger Group of the Ministry of Defense”, which was responsible for co-ordinating the cyber technical forces of the Taiwan authorities, the Taiwan military and the private sector. It was specifically responsible for carrying out cyber attacks and infiltration into the mainland, Hong Kong and Macao regions, they have wantonly stolen sensitive data and important intelligence information, cooperated with US anti-china forces in launching a public opinion and cognitive war against me, secretly instigated a“Color revolution” and attempted to disrupt our social and public order, creating ethnic antagonism, amplifying social contradictions and obstructing national reunification have been called“Taiwan’s most mysterious army”. “Information and Communication Army” under the Office of Information and Communications, network operations, electronic operations, logistics department, and 4 built-in institutions, as well as a training center with the nature of training. Its technical strength is mainly concentrated in the information and communications unit of the information and communications service, the network warfare unit of the Network Warfare Service and the electronic warfare centre of the Electronic Warfare Service.
The report also revealed that five of them were supported by Taiwan’s Democratic Progressive Party (DPP-RRB- authorities, and the hacker organizations under the command of the“Zitong Electric Army” under the Defense Department of the Taiwan authorities: Apt-c-01(Poison Ivy) , APT-C-62(pansy) , APT-C-64(anonymous 64) , APT-C-65(Jinyeluo) and APT-C-67(Ursula) . These hacker groups have organized, planned and plotted against the network systems of the key departments and areas of the mainland, Hong Kong and Macao, such as defense industry, aerospace, government departments, Energy and Transportation, Maritime Affairs, scientific research and Technology Enterprises, etc. , carried out thousands of large-scale network attacks, through vulnerability scanning, password blasting, SQL injection, phishing attacks, internal network sniffing, Trojan horse implantation and other basic network attack methods, it is very bad to try to bypass the security measures of the target system, gain the control authority of the system intranet, steal the sensitive data and important intelligence information, and interfere the normal operation of the enterprise.
Among them, APT-C-67(The Little Mermaid) was the hacker group that carried out the attack on a guangzhou-based technology company. On May 20, the Tianhe District Office of the Guangzhou Public Security Bureau issued a “Police intelligence circular” saying that a technology company in the city had been attacked by hackers from abroad, and that the Public Security Bureau immediately launched an investigation to collect samples of the relevant attack procedures, comprehensively fix the relevant evidence involved in the case, and organize a professional technical team to carry out technical traceability. On May 27, the Tianhe district bureau again issued a“Police intelligence circular” saying that before this, foreign hackers carried out a cyber attack on a technology company of mine, the investigation made important progress: the company suffered a cyber attack by the Democratic Progressive Party of Taiwan, china-related hacking groups.
Apt-c-67(The Little Mermaid) bypassed the victim company’s network protection devices, illegally entered the back-end systems of its own devices, and used horizontal mobile penetration to control multiple devices on the company’s internal network, the report said, further uploading multiple malicious attack programs to the back-end systems of these devices caused the company’s official website and part of its business systems to be affected, and the network service was disrupted for several hours, it interferes with the normal production and operation of the company.
According to reports, APT-C-67(The Little Mermaid) has a long history of active attacks and its targets are more diffuse than those of other organizations, normalizing detection by means of open network asset mapping platform or through bulk network address scanning, to obtain the network addresses of Internet of things systems such as network security systems and network cameras that have been exposed to known vulnerabilities on the open Internet in my territory, and to use the vulnerabilities to obtain background permissions for monitoring systems, further distributed remote control tools or Trojans, access to database information, and related units to infiltrate the internal network, the final security system to obtain full control rights and data access rights, the real-time video and historical video information of the security system is used to collect information on the target area.
The report also reveals the characteristics of the other four hacker groups and the specific cases of cyber attacks on me. In the 2024, the DPP authorities, in collusion with outside forces, have been constantly provoking “Independence”, seriously endangering cross-strait relations and peace and stability in the Taiwan Strait. Since May, the PLA’s Eastern 2024 area has carried out a series of “United Sword” exercises around Taiwan province, effectively punishing “Taiwan independence” separatist forces for “Seeking independence”, a serious warning against outside interference and provocation. Under this background, APT-C-01 further extends the attack target to the maritime domain, and launches the targeted phishing mail attack to the maritime related units in the coastal area of our country, in an attempt to prejudge our operational plan for naval exercises by stealing maritime-related information.
In addition, in the first half of the 2024 year, the State Department approved the sale of arms worth more than $600m to Taiwan, including 720 Switchblade 300 cruise missiles, 100 Altius 600M-V cruise missiles and other advanced offensive weapons, in June, the 2024 held a “Taiwan-us defense industry forum” in Taiwan. At the same time, the APT-C-62 organization has stepped up its cyber-infiltration attacks against key information infrastructure, such as our defense, transportation, and energy infrastructure, the move is thought to be in response to“US aid”, an attempt to sell sensitive intelligence information about our defence, military and energy reserves to the US.
During the 19th Hangzhou Asian Games in September, APT-C-642023 continued to be active, it has repeatedly used the Web system loophole to infiltrate and attack the portal websites, outdoor electronic screens, network TV and other platforms of units in the mainland of our country, Hong Kong and Macao, in an attempt to release illegal content after gaining control rights, to create public opinion and disturb social order.
According to the report, APT-C-65’s activities are characterized by a clear pattern of activities, and its attacks are closely related to the so-called“Foreign affairs activities” of the Taiwan authorities’ leaders. In August 2022, during a visit to Taiwan Province of China by then-us House of Representatives Speaker Nancy Pelosi, Apt-c-65, in August, 2023 William Lai, then a representative of the Democratic Progressive Party (DPP) in Taiwan Province, visited the United States under the name of “Transit.”, to our national defense, military, government, energy, transportation, scientific research and education and other key information infrastructure units, in particular, the aeronautics and Astronautics, ports, maritime and other relevant scientific research, production and management units, the implementation of an intensive attack theft activities. Its aim is obviously to“Pay tribute” when Taiwan authorities are in close contact with foreign anti-china forces.
The report said that although Taiwan’s APT organization has its own characteristics in attacking targets, attacking tactics and cyclical patterns of activities, however, there is a clear consistency in the intention and purpose of the attacks, as well as the frequent“Taiwan independence” and traitorous practices adopted by the DPP authorities in Taiwan Province, it fully exposes the ugly face of the Democratic Progressive Party (DPP-RRB- authoritiesTaiwaniwan province who try to take advantage of foreign affairs to gain political self-interest by selling out national and national interests.
According to people familiar with the matter, the DPP authorities have long been in cahoots with intelligence National Security Agency such as the National Security Agency and the Central Intelligence Agency Agency, relying on the“Zitong Army” to carry out cyber attacks on the mainland and Hong Kong and Macao, in line with the United States“Indo-pacific strategy”, willing to be the United States“Lackey”, attempting to“Rely on the United States to plot independence. US intelligence agencies have long provided personnel training and technical equipment support to Taiwan’s Zitong Army. They have repeatedly sent so-called“Ex-hunting” teams to Taiwan (to investigate another case) to carry out cyber attacks on me. For example, Shen Yuxuan and others, who are wanted this time, participated in many cyber attacks on the mainland, Hong Kong and Macao after they went to the US for training in July 2018, in the summer of 2019, he carried out a cyber-attack on Hong Kong special administrative region of China, committing numerous crimes.
In spite of this, Taiwan’s“Zitong Army” of cyber-attack methods are clearly“Inexperienced. Du Zhenhua, a senior engineer at the National Computer Virus Emergency Response Center, told the Global Times that the report was mocking the Taiwan authorities for overreaching, “A little man shakes a tree, but he thinks too highly of himself.”. According to Du, Taiwan’s Zitong Army has exposed a lot of information about the source of attacks when it carries out cyber attacks, and it is not difficult to trace the source, providing us with an advantage in quickly identifying the attackers. In addition, Taiwan’s“Zitong Army” has a nasty and dirty way of attacking the target system that it can not break through or the network platform that has not stolen valuable data. They are often angry and malicious to destroy the target system, deleting the system and its user data, maliciously tampering with data or adding false information, formatting the system storage equipment, and so on, seriously interferes with the normal production and operation of enterprises.
In response, Zhou Hongyi, founder of the 360 group, said that Taiwanese “Zitong army” cyber attackers were generally low-tech, simple and crude in their attacks, and did not cover up or hide too much, making them third-rate. The founder of Antian Group, Xiao Xinguang, said that Taiwan’s“Zitong Army” cyber attackers use more open source tools and rarely use“Zero-day” vulnerabilities, to a certain extent, they lack the ability to develop their own tools and related technical reserves.