China hackers attack Taiwan targets including opposition party

Ms Tsai Ing-wen (centre), presidential candidate and chairman of Taiwan's opposition DPP at a campaign event in Taipei on Dec 20, 2015. PHOTO: BLOOMBERG

TAIPEI (BLOOMBERG) - Chinese hackers have attacked Taiwanese targets including local news organisations and the opposition Democratic Progressive Party (DPP) in a bid to get information about policies and speeches ahead of presidential and legislative elections next month (January).

An attack on the unnamed media outlets came in the form of phishing e-mails with the subject line "DPP's Contact Information Update", according to research by security company FireEye, which identified a Chinese state-backed group called APT16 as behind the attacks.

Hackers also infiltrated e-mails of party staff, changing security protocols and writing messages spoofing the account holders in what may have been an attempt to deliver malicious code, according to one of the victims.

Taiwan goes to the polls on Jan 16 and opinion surveys show the DPP is likely to win a legislative majority, with its leader Tsai Ing-wen securing the presidency after eight years of nationalist Kuomintang rule.

China, which considers Taiwan to be one of its provinces, is wary of the DPP's views on Taiwan independence and advocacy of more caution in its relationship with the mainland.

As well as not wanting the DPP in power, China may want to understand the party better so as to undermine them with access to non-public information, FireEye Principal Threat Intelligence analyst Jordan Berry said by phone. "There's a lot of people in China who want and need information for their own intelligence purposes."

China's Ministry of Foreign Affairs didn't reply to a faxed request for comment.


FireEye, based in California, provides malware and network-threat protection systems. After its Mandiant division alleged in February 2013 that China's military may be behind a group that hacked at least 141 companies worldwide since 2006, the US issued indictments against five military officials who were purported to be members of that group.

Another target in Taiwan appears to be former US diplomat to Taiwan William Stanton, who said he's received multiple warnings from Google that his Gmail account may be targeted by government hackers.

"If you were directed to this page from a warning displayed above your Gmail inbox, we believe that state-sponsored attackers may be attempting to compromise your account or computer," the warning read without identifying the country.

"It's likely that you received e-mails containing malicious attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information."

Mr Stanton, who was director of the American Institute in Taiwan from 2009 to 2012 in a position akin to ambassador, told Bloomberg News he believes he is being targeted because of his former role and his current position as director of Taiwan's National Tsing Hua University Centre for Asia Policy.

While the DPP has been under attack for months, the frequency has picked up in the past few weeks, said Ms Ketty Chen, deputy director of international affairs at the DPP, whose own account was compromised.

Ms Chen was among as many as 50 DPP staff targeted by hackers and was alerted when she noticed inconsistencies in the writing style of a colleague in internal correspondence.

Suspicious E-mails

"There were fake e-mails that looked like they came from her," Ms Chen said. "When I read it, the style was not how she would talk so I called to ask if she really sent it, and she hadn't."

Ms Chen received e-mails purporting to come from Ms Tsai's speechwriter and another from a member of the DPP's cross-strait policy team. In each case, the e-mail asked the recipient to open an attachment purporting to be a draft document. Hackers typically send e-mails to targets hoping they'll open attachments loaded with malware that infiltrates their computers, providing links to the computers of colleagues and contacts.

With concerns over security of their work accounts, some DPP staff switched to Gmail, Ms Chen said. Her Gmail account was compromised when hackers turned off the two-step identification verification process by deleting her mobile number, and adding a forwarding address so that all incoming e-mails went to an external Gmail account.

The allegations come weeks after state-run Xinhua news agency reported that an investigation into an alleged theft of data from the US Office of Personnel Management had shown the attack was carried out by criminals, rather than being state-sponsored as previously suspected by the US government.

Cyberspace must not become a "battlefield" between states, President Xi Jinping said at an Internet conference on Wednesday (Dec 16) in Wuzhen, and he called for greater cooperation on punishing cyber-attacks and fighting terrorism.