China Accuses Taiwan of Operating APT Groups with US Support

China has accused Taiwan’s Democratic Progressive Party (DPP) authorities of orchestrating a series of sophisticated cyber attacks through Advanced Persistent Threat (APT) groups.

Referred to as “T-APTs,” these groups are allegedly supported by Taiwan’s Information, Communications and Electronic Force Command (ICEFCOM) and are claimed to have close ties with the United States.

Allegations of Cyber Espionage and Sabotage

The report outlines how these entities have been conducting long-term cyber espionage and sabotage against critical infrastructure, government bodies, and key industries across the Chinese mainland, Hong Kong, and Macao.

The primary objective, as stated, is to steal sensitive intelligence related to defense, diplomacy, and cutting-edge scientific research, subsequently selling this data to anti-China forces abroad.

Furthermore, these groups are accused of collaborating with the US government and military to wage cyber warfare, public opinion manipulation, and cognitive warfare against China, acting as proxies for a so-called “color revolution.”

Technical Insights into T-APT Operations

Delving into the technical aspects, the report identifies five specific T-APT groups: APT-C-01 (Poison Vine), APT-C-62 (Viola Tricolor), APT-C-64 (Anonymous 64), APT-C-65 (Neon Pothos), and APT-C-67 (Ursa). Each is described with distinct attack patterns and targets, ranging from government agencies and defense sectors to universities, transportation, and IoT systems such as video surveillance networks.

Figure: APT-C-01 TTPs diagram

Their tactics, techniques, and procedures (TTPs) include phishing campaigns with carefully crafted lure documents and websites mimicking legitimate domestic services.

They exploit known vulnerabilities in widely used software such as Microsoft Windows and Office, and deploy open-source and commercial tooling such as Cobalt Strike, QuasarRAT, and the Sliver C2 framework for initial access, persistence, and lateral movement within compromised networks.

For instance, APT-C-01 has been noted for its phishing attacks during significant events like the COVID-19 pandemic, using themes such as vaccination and health QR codes, while APT-C-67 targets IoT systems to gather cyber and geographic intelligence.

The report highlights the groups’ reliance on publicly available tools and the absence of zero-day exploits, which it reads as evidence of limited independent weaponization capability. At the same time, it argues that their activity is timed to the DPP’s political maneuvers, particularly during high-profile US-Taiwan interactions, and therefore demonstrates a strategic alignment with “Taiwan independence” agendas.

Additionally, their efforts to tamper with digital media and spread disruptive content during events like the 2023 Hangzhou Asian Games underscore an intent to destabilize social order.

ICEFCOM, established in 2017 under Tsai Ing-wen’s administration, is described as the orchestrating body, integrating military and civilian cyber capabilities with over 6,000 personnel and deep-rooted connections to US cyber forces.

The report concludes with a stern warning, vowing to track these groups and their backers relentlessly, using all necessary means to bring them to justice.

Indicators of Compromise (IoCs)

Type: HASH (sample; 32 hex digits, i.e. MD5 length)
Shellcode Loader: 7873dd9a900290ff163343e2d06f93c9
Bypass: 214888402b3cb924e40035d1b4bafc85
QuasarRAT: cc1cdb893f6b4a00d65bbef2794b0499
Sliver: 61c42751f6bb4efafec524be23055fba

Type: C2 Servers (IP addresses shown only partially, as published)
51...162, 120...211, 180...219, 158...174, 1...214
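The hash IoCs above are the only indicators on the page that can be matched exactly; the C2 addresses are published with their middle octets missing and cannot be used as-is. The following script is an added example, not code from the article or from the report it summarizes. It parses the article's hash row into a lookup table, validates each value as a 32-hex-digit (MD5-length) string, and walks a directory computing MD5 digests to find matches. The directory layout, file contents, the `parse_hash_row`/`scan_tree`/`demo` helper names, and the synthetic "test entry" hash added in `demo()` are all constructed here for illustration.

```python
"""Match the T-APT file-hash IoCs against files on disk.

Added example, not part of the original article or the report it covers.
The four hash values are copied from the article's IoC table; the sample
directory, file contents and helper names are constructed for illustration.
"""
import hashlib
import os
import re
import tempfile

# The article's flattened IoC row, verbatim.
IOC_HASH_ROW = (
    "Shellcode Loader: 7873dd9a900290ff163343e2d06f93c9, "
    "Bypass: 214888402b3cb924e40035d1b4bafc85, "
    "QuasarRAT: cc1cdb893f6b4a00d65bbef2794b0499, "
    "Sliver: 61c42751f6bb4efafec524be23055fba"
)

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_hash_row(row):
    """Turn 'Label: hash, Label: hash, ...' into {hash: label}.

    Values that are not well-formed 32-hex-digit strings are dropped so a
    typo in the source table cannot silently become a never-matching IoC.
    """
    iocs = {}
    for entry in row.split(","):
        label, _, value = entry.partition(":")
        value = value.strip().lower()
        if MD5_RE.match(value):
            iocs[value] = label.strip()
    return iocs


def md5_of_file(path, chunk=1 << 20):
    """Stream a file through MD5 so large binaries are not read into memory."""
    # usedforsecurity=False: MD5 is used here only as a lookup key for
    # published IoCs, not as a security primitive.
    h = hashlib.md5(usedforsecurity=False)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, iocs):
    """Walk root and return [(path, label)] for files whose MD5 is in iocs."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(path)
            except OSError:
                continue  # unreadable or vanished file; keep scanning
            if digest in iocs:
                hits.append((path, iocs[digest]))
    return hits


def demo():
    """Constructed demo: a benign file must not match; a file whose hash we
    add to the table as a synthetic IoC must. Returns [(basename, label)]."""
    iocs = parse_hash_row(IOC_HASH_ROW)
    with tempfile.TemporaryDirectory() as root:
        benign = os.path.join(root, "notes.txt")
        with open(benign, "wb") as f:
            f.write(b"constructed benign content\n")
        planted = os.path.join(root, "update.exe")
        with open(planted, "wb") as f:
            f.write(b"constructed stand-in for a sample\n")
        # Synthetic entry: stands in for a real sample hash we do not have.
        iocs[md5_of_file(planted)] = "Synthetic test entry"
        hits = scan_tree(root, iocs)
    return [(os.path.basename(p), label) for p, label in hits]


if __name__ == "__main__":
    for digest, label in parse_hash_row(IOC_HASH_ROW).items():
        print(f"{digest}  {label}")
    print(demo())
```

Two caveats a responder should keep in mind: an exact-hash match only catches the specific build that was published, so a recompiled or repacked loader, RAT, or Sliver implant will not hit, and the tooling named in the report (Cobalt Strike, QuasarRAT, Sliver) is widely used by unrelated actors, so a hash hit on one of these is attribution-neutral on its own.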
