360 Reveals Taiwanese Military’s Cyber Units and Five Major Hacker Groups

A recent report accuses five Taiwanese cyber espionage groups (APT-C-01, 62, 64, 65, and 67) of orchestrating attacks on mainland systems. The report, which directly links these groups to Taiwan’s “Cyber Warfare Unit,” highlights APT-C-67 (Ursula)’s alleged involvement in recent attacks, including targeting critical infrastructure. Experts note the groups utilize known vulnerabilities and rely on less sophisticated techniques, making them easier to detect. The report also highlights broader cyber threats and emphasizes AI’s role in future cybersecurity.

In a move that could rattle the already tense geopolitical chessboard, a recent report jointly released by the National Computer Virus Emergency Response Center and 360 sheds light on alleged cyber activities originating from Taiwan. The report, which is making waves in security circles, publicly identifies five cyber espionage groups linked to the island: APT-C-01 (Duyunteng), APT-C-62 (Tricolore), APT-C-64 (Anonymous 64), APT-C-65 (Goldenleaf), and APT-C-67 (Ursula).

The document, offering an unprecedented peek behind the digital curtain, ties these groups directly to Taiwan’s “Cyber Warfare Unit,” alleging that they are orchestrated and financed by the ruling party and are responsible for directing cyberattacks on mainland systems.

The report specifically highlights the APT-C-67 (Ursula) group, claiming its involvement in a recent cyberattack against a technology firm in Guangzhou this April. The group is said to have been probing networks across over a dozen provinces, targeting critical infrastructure like military installations, energy grids, and transportation, while gathering sensitive data through phishing campaigns and exploiting vulnerabilities.

Authorities in Guangzhou have already issued arrest warrants for twenty individuals said to be involved in the attacks, indicating a swift response to the alleged cyber incursions.

Zhou Hongyi, founder of 360, commented on the complexities of cyberattack attribution, a challenge he describes as a “global puzzle.” He stressed the need for extensive security data, specialist expertise and practical experience to determine a source, claiming to possess almost two decades of experience in countering foreign APT groups, including those based in Taiwan. He noted that the “Ursula” group, though relatively new, has been particularly aggressive in targeting internet of things (IoT) systems on the mainland and in Hong Kong and Macau, potentially to gain intelligence via surveillance technology. However, 360 claims to understand this group’s tactics fully.

Zhou Hongyi characterized the Taiwan-based APT groups as being of a lower tier, suggesting their counter-surveillance techniques are “weak.” He pointed to a history of unprofessional practices, such as leaving identifying information on their attack servers, resulting in easily traceable digital footprints. He claimed their experts are often able to detect any attacks at the initial stages, using knowledge accumulated from previous conflicts.

Security experts also pointed to the groups’ reliance on known vulnerabilities, in the absence of advanced exploit capabilities, as a significant weakness. Their dependence on readily available, open-source tools and their lack of sophistication in evasion techniques also made them easier targets for experienced security professionals, the experts claimed.

Boasting industry dominance, 360 claims to have identified 58 APT groups, accounting for over 98% of all APT detections within the country. Its findings include alleged activities by major national-level players like the U.S. National Security Agency (NSA) and the Central Intelligence Agency (CIA) that have targeted critical infrastructure, scientific institutions and government bodies for over a decade.

In a notable example, 360 claims to have been the first, in 2022, to discover network attacks on the Northwest Polytechnical University. The discovery resulted in a report to relevant authorities, which eventually resulted in the dismantling of alleged spyware networks.

Looking to the future, Zhou Hongyi emphasized the evolution of cyber warfare in the age of Artificial Intelligence. He indicated that as a company with strengths in both cybersecurity and AI, 360 is well-positioned to accelerate the development of advanced security models. 360 claims to remain heavily committed to collaborating with others to bolster digital security defenses and promote stability in the country.

Original article, Author: Tobias. If you wish to reprint this article, please indicate the source: https://aicnbc.com/1761.html
