Officials in Taipei are expressing concern about the possibility that recent malware attacks on major companies may presage a wider wave of politically motivated hacking offensives. Their statements make clear that Taiwan sees China as the most likely source of the coordinated cyberattacks that have occurred over the last week.
Taipei names Beijing as suspected source of attacks
Wang Ting-yu, a legislator from the ruling Democratic Progressive Party (DPP), said on May 6 that the People’s Republic of China was responsible for recent cyberattacks on Taiwanese companies active in the energy, finance and technology sectors. Speaking during a meeting attended by Defense Ministry officials and members of the Legislative Yuan’s Foreign Affairs and National Defense Committee, he reported that the number of malicious attacks had been rising for several weeks.
Moreover, he said, the wave is likely to surge during the run-up to the inauguration of President Tsai Ing-Wen, who was re-elected in January. Chinese hackers are expected to escalate their campaign of coordinated attacks in the hope of disrupting or paralyzing Taiwan’s computer networks before Tsai begins her second term on May 20, he said.
Tsao Chin-ping, the deputy chief of the General Staff for Communication, Electronics and Information, delivered a similar warning. Speaking at the same meeting, he said that Taiwan expected China to be the source of a more intensive set of coordinated cyberattacks on government agencies and state-owned companies prior to the inauguration.
Taiwan’s Armed Forces are preparing for this possibility, he added. “The Chinese cyberarmy’s intrusion channels into these computer systems came through mobile storage devices and social media platforms,” he said. “Our military units will bolster cybersecurity measures to defend against these types of hacking.”
Three major companies were hit in just two days
Tsao and Wang were speaking two days after CPC Corp., Taiwan’s national oil company (CPC), suffered a malware attack that affected its downstream business. The incident left CPC’s filling stations unable to accept payment from customers using VIP cards or electronic payment apps and unable to access the digital platforms used for management of revenue records. It was later described as a ransomware attack.
Just one day later, CPC’s biggest corporate rival was hit by a separate offensive. Formosa Petrochemical Corp. (FPCC) said that it had shut down computers in all divisions on the morning of May 5, after one of its employees discovered irregularities on one particular machine. Inspectors learned that the machine was infected by a virus, but the breach did not affect company operations or lead to the loss of any data, it said.
Meanwhile, Powertech Technology, a leading Taiwanese provider of integrated circuit packaging and testing services, suffered a ransomware attack on May 5. It reported that some of the servers at its factory in Hsinchu were infected but stressed that a team of information security experts had been to resolve the problem and restore the servers without any data loss.
Taiwan is gearing up for a wider wave of coordinated attacks
The affected companies did not immediately name any potential culprits. However, the timing of the attacks led observers to speculate that they had come from the same source. As Tim Mackey, principal security strategist at the Synopsys CyRC, told The Daily Swig, “Coincidence in cybersecurity often means commonality in either attackers or attack mythologies.”
Given the long-standing tensions between Taiwan and China, it comes as no surprise that officials in Taipei see Beijing as the most likely source of these coordinated cyberattacks. Indeed, Taiwan’s National Security Bureau (NSB) stated on May 6 that China appeared to be gearing up for a wider attack later in the month. These coordinated attacks against important Taiwanese companies could be a test run for attempts to sabotage the systems used by government agencies, infrastructure operators, and electricity suppliers and other utilities, it said.
In response, Taipei has drawn up its own coordinated defense strategy. Kolas Yotaka, a spokesman for the Taiwanese cabinet, said on May 7 that the government had established a task force to address concerns about an expanding wave of cyberattacks. He was speaking on the same day that the Taiwanese press reported that the government was stepping up security provisions in key sectors of the economy including energy, finance, healthcare and transportation and sharing relevant intelligence data with friendly countries such as the U.S. and Czechia.