JAKARTA - The Insikt Group, the intelligence research department of the US network security consulting firm Recorded Future, published a report on Thursday, July 8, saying that a group allegedly funded by the Chinese government targeted telecommunications organizations in Taiwan, Nepal and the Philippines.

The threat group, which the researchers refer to as Threat Activity Group 22 (TAG-22), targets telecommunications, academic, research and development, and government organizations in the three countries. According to the researchers, some attack activity appears to be ongoing.

The latest attack plays out against the larger backdrop of Chinese hackers seemingly lurking in the global competition in the telecommunications space, which has become an arena of political and economic conflict between China and the United States.

"In particular, the targeting of ITRI is important because of its role as a technology research and development institute that has founded and incubated several Taiwanese technology companies," the researchers wrote, as quoted by ehackingnews.com.

"This organization focuses on sustainability technology projects that align with China's development interests. In recent years, this Chinese group has targeted several organizations across Taiwan's semiconductor industry for source code, software development kits and chip designs," the researchers said.

Last year, cybersecurity firm CyCraft claimed that there was a two-year, large-scale hacking operation focused on Taiwan's semiconductor industry, and that this wave of operations was likely initiated by Chinese hackers.

CrowdStrike, a US computer security technology company, also mentioned in a report last year that telecommunications was one of the areas most frequently targeted by Chinese hackers in the first half of 2020.

Researchers believe TAG-22 used a backdoor also used by other Chinese state-sponsored groups, including the Winnti Group and ShadowPad, for initial access. The group also uses open source security tools such as Cobalt Strike.

Outside of the telecommunications industry, the threat group has targeted academia, research and development, and government organizations in Nepal, the Philippines, Taiwan and Hong Kong.

While the researchers primarily identified the group as operating in Asia, the scope of its targets was generally broader, they said. That, according to researchers, puts it in line with other major Chinese hacking groups including APT17 and APT41.
