Chinese Hackers Target Web Hosting Firms in Taiwan

A growing threat in the tech world has come to light as Chinese hackers have set their sights on web hosting companies in Taiwan, according to researchers at Cisco Talos.

The cybersecurity experts identified a new group of hackers they've dubbed UAT-7237, which is believed to be a subgroup of the previously known UAT-5918. This group has been tracked by Talos and is thought to be state-sponsored, with its tools and tactics eerily similar to those used by other notorious "typhoon" hackers.

The Tools of the Trade

UAT-7237's arsenal includes a custom shellcode loader known as "SoundBill," which has garnered significant attention from researchers. This tool is just one part of their toolkit, which also features open-source and customized malware, Cobalt Strike beacons, and a preference for exploiting unpatched servers exposed to the internet.

These hackers have been observed breaching Taiwanese hosting providers and gaining access to VPN and cloud infrastructure. They've used these platforms to conduct reconnaissance, extract credentials, deploy bespoke malware, set up backdoored access via VPN clients, scan the network, and spread their presence across further compromised servers.

The Attack Vector

According to Talos researchers, UAT-7237 exploited known vulnerabilities in unpatched servers to gain initial access. This technique is not new to state-sponsored groups like Volt Typhoon and Flax Typhoon, which also commonly target unpatched VPN appliances, firewalls, and email servers.

In some cases, these hackers have even abused valid credentials for VPN, RDP, and cloud accounts. However, their preferred method of operation involves blending into normal network activity to establish persistence through compromised infrastructure rather than relying on phishing or malware attacks.
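The "valid credentials" pattern described above is what makes this activity hard to spot: the logins succeed, so nothing fails. What defenders typically look for instead is a successful VPN login that breaks the account's own baseline (a source address never seen before, or an off-hours time) followed by the same account fanning out over RDP to several internal hosts. The script below is an added example written for this article, not code from Talos or from the hosting providers involved; the log format, the field names, the quiet-hours window (00:00 to 05:59 UTC), the 10-minute fan-out window and the sample log lines are all constructed for illustration.

```python
"""Baseline-deviation detection for successful VPN/RDP logins.

Added example: the log format below and every threshold are assumptions
made for illustration; adapt them to the authentication logs you hold.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real data).
# Format: <ISO timestamp> <user> <service> <source or target address> <result>
SAMPLE_LOG = """\
2025-08-01T09:12:03Z alice vpn 203.0.113.10 success
2025-08-01T09:40:11Z bob vpn 203.0.113.22 success
2025-08-02T08:58:40Z alice vpn 203.0.113.10 success
2025-08-02T10:05:09Z bob vpn 203.0.113.22 success
2025-08-03T02:17:45Z alice vpn 198.51.100.77 success
2025-08-03T02:19:02Z alice rdp 10.0.0.15 success
2025-08-03T02:21:30Z alice rdp 10.0.0.16 success
2025-08-03T09:01:15Z bob vpn 203.0.113.22 success
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (vpn|rdp|cloud) (\S+) (success|failure)$")
OFF_HOURS = range(0, 6)                 # assumed quiet window, 00:00-05:59 UTC
FANOUT_WINDOW = timedelta(minutes=10)   # assumed: RDP sessions counted after a VPN login
FANOUT_MIN_HOSTS = 2                    # assumed: distinct RDP targets that count as fan-out


def _iso(ts):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse(log_text):
    """Turn the constructed log format into a list of event dicts, skipping bad lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, service, addr, result = m.groups()
        events.append({"ts": _iso(ts), "user": user, "service": service,
                       "addr": addr, "result": result})
    return events


def build_baseline(events, cutoff):
    """Per-user set of source addresses seen on successful VPN logins before the cutoff."""
    seen = defaultdict(set)
    for e in events:
        if e["ts"] < cutoff and e["service"] == "vpn" and e["result"] == "success":
            seen[e["user"]].add(e["addr"])
    return seen


def detect(log_text, cutoff_iso):
    """Flag successful VPN logins after the cutoff that deviate from the user's baseline.

    Reasons attached to an alert:
      new_source_ip - address never used by this account during the baseline period
      off_hours     - login inside the assumed quiet window
      rdp_fanout    - the same account then reached >= FANOUT_MIN_HOSTS distinct
                      RDP targets within FANOUT_WINDOW of the VPN login
    """
    events = parse(log_text)
    cutoff = _iso(cutoff_iso)
    baseline = build_baseline(events, cutoff)
    alerts = []
    for i, e in enumerate(events):
        if e["ts"] < cutoff or e["service"] != "vpn" or e["result"] != "success":
            continue
        reasons = []
        if e["addr"] not in baseline.get(e["user"], set()):
            reasons.append("new_source_ip")
        if e["ts"].hour in OFF_HOURS:
            reasons.append("off_hours")
        if not reasons:
            continue
        # Only look for lateral movement once the login itself is suspicious.
        rdp_targets = {
            f["addr"] for f in events[i + 1:]
            if f["user"] == e["user"] and f["service"] == "rdp"
            and f["result"] == "success" and f["ts"] - e["ts"] <= FANOUT_WINDOW
        }
        if len(rdp_targets) >= FANOUT_MIN_HOSTS:
            reasons.append("rdp_fanout")
        alerts.append({"user": e["user"], "ts": e["ts"].isoformat(), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, "2025-08-03T00:00:00Z"):
        print(alert)
```

Run against the sample, the two days before the cutoff form the baseline; alice's 02:17 login from an address she has never used, followed within four minutes by RDP to two internal hosts, is the only alert, while bob's routine morning login from his usual address produces nothing. The useful property for this kind of intrusion is that the rule never needs a failed login: it scores the successful one against the account's own history.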

The Implications

The implications of this threat are clear: web hosting companies in Taiwan are now under increased scrutiny as potential targets for these state-sponsored hackers. It's essential for organizations in the industry to stay vigilant and ensure their security measures are up-to-date to prevent similar breaches.

As the threat landscape continues to evolve, it's crucial for individuals and organizations alike to remain informed and prepared for the latest threats in cybersecurity. Stay ahead of the curve with the latest news and expert analysis from TechRadar Pro.