Taiwan-Based Hacking Group Engages in Persistent Cyberattacks Against Chinese Mainland: Cybersecurity Firm
In a recent report, a leading Chinese cybersecurity company, Qi-Anxin Group, identified a Taiwan-based hacking group known as "Poison Vine" (APT-Q-20) as actively targeting government, military, defense, and scientific research institutions in the Chinese mainland. The organization, which is linked to Taiwan's "Information, Communications and Electronic Force Command" (ICEFCOM), has been engaging in persistent cyberattacks against the mainland for several years.
The Ministry of State Security (MSS) of China recently published an article revealing details about four members of ICEFCOM who are involved with "Taiwan independence" forces. The MSS stated that state security authorities have rigorously monitored and investigated cyberattacks and infiltration activities carried out by ICEFCOM, and have identified multiple individuals involved in planning, directing, and executing these operations.
A Qi-Anxin Group technical expert emphasized the urgent need for individuals and enterprises to strengthen device security, particularly by adopting complex passwords. The expert warned that Taiwan-based APT attacks are relatively unsophisticated, relying on simple network weapons and even brute-force attacks on weak passwords across various network devices in the mainland.
However, Qi-Anxin noted that the Poison Vine group has been registering new domain names and buying servers to carry out phishing attacks for 15 years. This suggests that the organization is becoming increasingly sophisticated in its methods, despite relying on relatively simple tactics.
The report released by Qi-Anxin indicates that APT-Q-20 has engaged in large-scale imitation of popular social software, email systems, government agency websites, military websites, and university websites on the Chinese mainland. The goal is to amass personal data for subsequent intelligence theft in the mainland.
Two primary attack vectors used by the Poison Vine group are phishing website attacks and phishing email attacks. In email attacks, the organization impersonates entities such as professionals from think tanks, military-civil fusion industrial parks, military magazines, civil service recruitment agencies, and defense contractors.
The report also shows that over 30 percent of vulnerabilities exploited by APT organizations in attacks on Chinese mainland devices involve weak passwords in routers, cameras, smart home devices, and firewalls. This highlights the importance of individuals and enterprises taking proactive measures to strengthen their device security.
Increasing Frequency of APT Attacks
Rising geopolitical tensions have led to an increase in the frequency of APT attacks aimed at espionage and intelligence theft. Qi-Anxin's expert warned that individuals and enterprises must remain vigilant against the ongoing threat posed by Taiwan-based APT organizations.
"We must remain vigilant against the ongoing threat posed by Taiwan-based APT organizations," the expert said. "As the situation on the ground continues to deteriorate, we can expect to see an increase in APT attacks in the coming years."