Chinese hacker groups attempted to infiltrate specific targets in government, academia and political circles via e-mail, luring them with documents discussing Taiwan-China geopolitical issues that were in fact infected files containing malware, an investigative report by cybersecurity firm Trend Micro said.
The report revealed a series of attacks on Taiwanese targets by the Chinese group Earth Lusca, which is known to engage in cyberespionage activities. The group used “social engineering,” a tactic that manipulates or deceives a victim into making security mistakes so that the attacker can gain control of a computer or steal personal and financial information.
Trend Micro identified a paper titled “China’s gray zone warfare against Taiwan,” reportedly stolen from a Taiwanese geopolitical expert and sent by Earth Lusca via e-mail, as the source of the infection.
The report, citing another file targeting Taiwan that contained a folder named “Sino-Africa relations,” said Earth Lusca was also behind that attack, specifically targeting a Taiwan-based think tank that studies international relations.
The campaign was active from December last year until January, the period leading up to the nation’s presidential and legislative elections.
The report said there is a significant connection between Earth Lusca and I-Soon (安洵信息), a Chinese government-affiliated firm, evidenced by the overlap in malware, targets and IP addresses based in Chengdu, China.
Trend Micro warned public-sector organizations, businesses and individuals to be aware of this new form of attack, calling on them not to open suspicious links or documents from unfamiliar e-mail addresses.