A coordinated supply chain attack on Taiwan’s banking industry has been attributed to an advanced persistent threat (APT) group whose aims align with those of the Chinese government. The breaches are reported to have started in late November 2021 and have been ascribed to a threat actor known as APT10 (also tracked as Stone Panda, the MenuPass gang, and Bronze Riverside), which has been active since at least 2009.
According to a recent study released by Taiwanese cybersecurity firm CyCraft, the second wave of attacks peaked between February 10 and 13, 2022, with the wide-ranging supply chain compromise specifically targeting the software systems of financial institutions, leading to “abnormal cases of placing orders.”
The “Operation Cache Panda” intrusions exploited weaknesses in the web management interface of an unnamed securities software product with a market share of more than 80% in Taiwan, using it to deploy a web shell that served as the conduit for implanting the Quasar RAT on the compromised system and stealing sensitive information.
Quasar RAT is an open-source remote access trojan written in .NET and freely available. Its capabilities include capturing screenshots, altering the registry, recording from the webcam, keylogging, and collecting passwords. The attackers also used wenshushu.cn, a Chinese cloud file-sharing site, to download additional tools onto compromised hosts.
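The chain described above (a script dropped through the product's web management interface and used as a web shell, then tooling pulled from wenshushu.cn) leaves traces in web-server access logs and egress-proxy logs. The Python below is an added illustration of that detection logic, not code from the article or the CyCraft report; the `/manage/` path, the two log formats and the sample lines are constructed assumptions.

```python
import re
from typing import Iterable, List, Set, Tuple

# Assumed layout: the securities software's web management interface is served
# under /manage/ (hypothetical path; the article does not name the product).
MGMT_PREFIX = "/manage/"
SCRIPT_EXT = (".aspx", ".ashx", ".jsp", ".php")
# File-sharing domain named in the article as the tool-staging location.
STAGING_HOSTS = ("wenshushu.cn",)

# Combined-log-format access line and a simplified proxy CONNECT line (assumed formats).
ACCESS_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3})')
EGRESS_RE = re.compile(r'^(?P<src>\S+) CONNECT (?P<host>[^: ]+):\d+')


def flag_events(lines: Iterable[str], baseline_paths: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (kind, source, detail) for lines matching the two stages of the chain.

    baseline_paths: script URLs that are part of the deployed management interface.
    Any other script under MGMT_PREFIX that receives requests is a web shell candidate.
    """
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if m:
            path = m.group("path").split("?", 1)[0]
            if path.startswith(MGMT_PREFIX) and path.lower().endswith(SCRIPT_EXT) \
                    and path not in baseline_paths:
                hits.append(("webshell_candidate", m.group("src"), path))
            continue
        m = EGRESS_RE.match(line)
        if m:
            host = m.group("host").lower()
            if any(host == h or host.endswith("." + h) for h in STAGING_HOSTS):
                hits.append(("staging_download", m.group("src"), host))
    return hits


# Constructed sample logs: a normal login, a POST to a script that was never deployed,
# a legitimate admin action, then one proxy CONNECT to the staging domain.
SAMPLE_ACCESS = [
    '203.0.113.5 - - [10/Feb/2022:09:12:01 +0800] "GET /manage/login.aspx HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Feb/2022:09:14:37 +0800] "POST /manage/upload/cmd.aspx HTTP/1.1" 200 88',
    '198.51.100.9 - - [10/Feb/2022:09:15:02 +0800] "POST /manage/users.aspx HTTP/1.1" 302 0',
]
SAMPLE_EGRESS = [
    "10.0.0.21 CONNECT www.wenshushu.cn:443",
    "10.0.0.22 CONNECT update.example.com:443",
]
BASELINE = {"/manage/login.aspx", "/manage/users.aspx"}

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_ACCESS + SAMPLE_EGRESS, BASELINE):
        print(hit)
```

The baseline set should come from the vendor's shipped file list or a known-good deployment inventory; a script under the management path that is absent from it is worth an immediate look regardless of HTTP status.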
The news comes as the Executive Yuan of Taiwan has released draft reforms to national security legislation to fight Chinese commercial and industrial espionage. Unauthorized use of important national technology and trade secrets outside the country, for example, might result in a 12-year prison sentence.
Individuals and groups entrusted or financed by the Taiwanese government to undertake activities involving important national technology are also required to obtain prior government authorization for any visits to China, with fines of up to NT$10 million (approx. US$359,000) if they fail to do so.