According to a new report published by Taiwanese cybersecurity firm CyCraft, the second wave of attacks between February 10 and 13 – 2022, with the wide-ranging supply chain compromise specifically targeting the software systems of financial institutions, resulting in “abnormal cases of placing orders.”
The “Operation Cache Panda” infiltration exploited a vulnerability in the web management interface of an unnamed securities software with a market share of over 80% in Taiwan, using it to deploy a web shell that acts as a conduit for implanting the Quasar RAT on the compromised system with the goal of stealing sensitive information.
The attacks are reported to have started in late November 2021, with the intrusions being linked to a threat actor known as APT10, also known as Stone Panda, the MenuPass group,Bronze Riverside and active since at least 2009. An organised supply chain attack on Taiwan’s banking industry has been attributed to an APT group with objectives aligned with the Chinese government.
The news comes as the Executive Yuan of Taiwan has released draught reforms to national security laws geared at fighting Chinese commercial and industrial espionage. Unauthorized use of important national technology and trade secrets outside the country.
Finally the researchers concluded that ,” Individuals and groups entrusted or financed by the Taiwanese government to conduct operations involving important national technology are also required to obtain prior government authorisation for any trips to China, with fines of up to NT$10 million (US$359,000) if they fail to do so.”