Taiwan’s Democratic Progressive Party (DPP) has become the latest target of Chinese hackers who appear to have been gathering information about the upcoming presidential and legislative elections set to be held next month.
Reports indicate that the group behind the attack is APT16, a state-backed group that was traced back to an official Xinhua News Agency outpost in the Malaysian capital of Kuala Lumpur.
Phishing e-mails with the subject line “DPP’s Contact Information Update” were sent to staff members by the attackers, who used them to compromise the recipients’ e-mails, according to U.S.-based Internet security group FireEye.
The election will be held on January 16 and early surveys show strong support for the DPP and its leader Tsai Ing-wen. China doesn’t agree with the DPP’s views on Taiwanese independence and its somewhat hostile attitude towards Beijing. While the DPP has been under attack by hackers for months, the frequency of these attacks has increased in recent weeks.
Ketty Chen, deputy director of international affairs at the DPP, was alarmed when she noticed inconsistencies in the writing style of a colleague in internal correspondence. “There were fake e-mails that looked like they came from her,” she said. “When I read it, the style was not how she would talk so I called to ask if she really sent it and she hadn’t.”
Chen received e-mails purporting to come from Tsai’s speechwriter and another from a member of the DPP’s cross-strait policy team. In each case the e-mail asked the recipient to open an attachment purporting to be a draft document. Hackers typically send e-mails to targets hoping they’ll open attachments loaded with malware that infiltrates their computers.
With rising concern about the security of their work accounts, many DPP staff members switched to Gmail. Chen’s Gmail was compromised after hackers were able to turn off two-step verification by deleting her mobile number and adding a forwarding address that would send all incoming e-mails to a separate account.
Just a few weeks ago, Xinhua News Agency reported that an investigation into an alleged theft of data from the U.S. Office of Personnel Management proved the attack was carried out by criminals, rather than being state-sponsored as previously suspected by the U.S. government.
At Wednesday’s Internet conference in Wuzhen, Xi Jinping said that “cyberspace must not become a battlefield between states” and called for support in punishing cyber-attacks. Unsurprisingly, China’s Ministry of Foreign Affairs did not respond to requests for comment sent by various news agencies.
By Mary DeMay