Exclusive: Taiwan cyberattack group targets Beijing, Fujian
Published: Dec 08, 2021 08:13 PM
cyber attack Photo:VCG

cyber attack Photo:VCG

GreenSpot, an advanced persistent threat (APT) organization from the island of Taiwan, has been launching cyberattacks on the Chinese mainland, mainly targeting Beijing and East China's Fujian Province that neighbors the island, a security report obtained by the Global Times showed.

The analysis report obtained by the Global Times from China's security company ThreatBook on Wednesday showed that the GreenSpot began launching cyberattacks in 2007 and was confirmed in 2013 to be from the island of Taiwan. It mainly targets government agencies, and aerospace and military-related scientific research institutes to steal high-value data and classified information, with spear phishing emails as their preferred method of attack.

GreenSpot launched large-scale targeted phishing attacks on a number of key universities, usually for the purpose of stealing the secret information of target users either to collect intelligence or to release a Trojan horse. The organization relies on phishing emails to send the phishing link.

Cha Han, the manager of the cyber security research response center of security company ThreatBook, told the Global Times the targeted attacks captured by GreenSpot this year are broad in scope. 

Among them, 50 percent were universities, and 15 percent each from scientific researching institutes and government agencies. Its cyberattacks also targeted the aerospace, energy and medical fields. 

Asked why universities are the main victims of the organization, Cha explained a large part of the targets of GreenSpot attacks in 2021 involved researchers studying cross-Straits relations.

Their targeted attacks were mainly in Beijing and Fujian, accounting for 53 percent and 9 percent, respectively. Beijing is a political and economic center and Fujian is a close neighbor of Taiwan, both of which are of great strategic significance.

From the first half of 2021, GreenSpot also forged domain names to attack in-service personnel and associated units/individuals. The targets were research units or departments that are involved in national security or development.

GreenSpot is good at using trending topics and individuals to launch their targeted attacks. For instance, the group has been using epidemic-related topics to launch attacks since November.

The report suggested universities, government agencies, aerospace, scientific research and coastal construction on the mainland raise their security awareness to ward off attacks.