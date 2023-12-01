With geopolitical tensions and a trade war acting as a backdrop, China-led cyberattacks on Taiwan are rising sharply, according to multiple security reports.\n\nIn the latest report about alleged China-sponsored cyberattacks on Taiwan, Kate Morgan, a senior engineering manager in Google\u2019s Threat Analysis Division, told Bloomberg that Google is tracking close to 100 hacking groups out of China. The malicious groups are attacking a wide spectrum of organizations, including the government, private industry players and defense organizations.\n\nA spike in cyberattacks originating from China was \u00a0also reported by Microsoft. A "nation-state" hacking group referred to as Flax Typhoon, believed to be active since 2021 and based in China, has targeted a range of Taiwanese organizations in telecom, education, energy, and information technology, according to a Microsoft Security blog post in August\n\n\u201cFlax Typhoon gains and maintains long-term access to Taiwanese organizations\u2019 networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks,\u201d the Microsoft blog said.\n\nThe hacking group's behavior and targets suggest that it is performing espionage, Microsoft said. Though Flax Typhoon uses a number of hacking tools, it relies mainly on living-off-the-land techniques, and makes initial inroads into systems by taking advantage of vulnerabilities in web-connected servers using web shells like China Chopper, Microsoft said.\n\nIn adition, a recent Fortinet study cited widely in media reports revealed that the cybersecurity company detected \u00a0as many as 15,000 cyberattacks per second on Taiwan in the first half of the current year. This marked an increase of 80% compared to the same period in 2022. Common techniques were distributed denial-of-service attacks (DDoS) and use of DoublePulsar, a backdoor implant tool developed by the US National Security Agency.\n\nGeopolitical tensions shadow attacks on Taiwan\n\nGeopolitics act as a backdrop behind\u00a0the increasing number of cyberattacks on Taiwanese infrastructure. Relationships between Taiwan and China worsened after Nancy Pelosi, then speaker of the US House of Representatives, visited Taiwan in August 2022. Earlier this year, there were concerns that China would invade Taiwan in the wake of worsening ties with the US, which backs Taiwan. China views Taiwan as part of its territory, though it has been independent since 1949 and has a separate, democratically elected government.\u00a0\n\nA semiconductor trade war is also a factor in the deteriorating ties between the US and China. Nearly 92% of the world\u2019s advanced semiconductors with nodes below 10 nanometers are manufactured in Taiwan, making it crucial to the global economy. Any disruption in manufacturing can result in a global shortage.\n\nLast year, the US \u00a0announced restrictions on selling advanced chips to China, which retaliated by limiting the export of Gallium and Germanium, a key component in chip production. Recently, the US came up with additional restrictions on exports of semiconductors and chip-making equipment to China.\n\nIn a recent interview with the New York Times, Taiwan\u2019s President, Tsai Ing-wen, said that China is too \u201coverwhelmed\u201d with its \u201cinternal economic, financial as well as political problems\u201d to invade Taiwan. Nevertheless, tensions between China and the US, as well as between China and Taiwan, are not likely to end soon, and companies with business in Taiwan or China should take note, experts say.\n\nDefending against techniques used by nation-state actors "begins with vulnerability and patch management, particularly on systems and services exposed to the public internet," Microsoft said in its blog. "The credential access techniques used can also be mitigated with proper system hardening."