Taipei, Taiwan
An intersection in Taipei. Image: Henry & Co. via Unsplash

Taiwanese tech firms, universities, religious groups among targets in cyber-espionage campaign

Suspected Chinese state-sponsored hackers were observed targeting dozens of organizations in Taiwan, including universities, state agencies, electronics manufacturers and religious organizations, according to new cybersecurity research.

The group, tracked as RedJuliett, is likely interested in Taiwan’s economic policies and diplomatic relations with other countries, according to researchers at Recorded Future’s Insikt Group. The Record is an editorially independent unit within Recorded Future.

RedJuliett, also known as Flax Typhoon, was discovered by Microsoft last year but has been active since mid-2021, predominantly targeting Taiwan.

In an espionage campaign observed between December 2023 and April 2024 by Insikt Group, the group conducted reconnaissance or attempted exploitation of Taiwanese organizations, as well as entities in Hong Kong, Malaysia, Laos, the Philippines, South Korea, Kenya, Rwanda, Djibouti and the U.S.

In Taiwan, which faces ongoing sovereignty threats from China, the group shows an interest in technology companies, including those involved in the development of optoelectronics, facial recognition and semiconductors. The hackers' targets also include aerospace companies that have contracts with the Taiwanese military, computing industry associations and religious organizations.

RedJuliett is known for exploiting internet-facing devices such as firewalls, load balancers, and enterprise VPNs for initial access. Like many other Chinese threat actors, the group is likely targeting vulnerabilities in these devices because they have limited visibility and security solutions available, and targeting them has proven to be an effective way to scale initial access, researchers said.

According to the report, RedJuliett likely operates from Fuzhou, the capital of Fujian province in China, which is relatively close to Taiwan. 

RedJuliett will “almost certainly” continue to conduct high-tempo cyber-espionage operations with a focus on Taiwanese technology, government, educational, and think tank organizations, according to Insikt Group.

“We also anticipate that Chinese state-sponsored groups will continue to focus on conducting reconnaissance against and exploiting public-facing devices, as this has proved a successful tactic in scaling initial access against a wide range of global targets,” researchers added.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.