Taiwan's critical infrastructure has been subjected since 2023 to attacks by the UAT-5918 threat operation, which leverages tactics, techniques, and procedures similar to those of Chinese state-backed hacking groups Volt Typhoon and Flax Typhoon, reports The Record, a news site by cybersecurity firm Recorded Future.
After achieving initial access by targeting vulnerable internet-exposed web and application servers, UAT-5918 utilized tools previously associated with Volt Typhoon and Flax Typhoon to facilitate lateral movement, credential and data theft, and further compromise, according to Cisco Talos researchers, who also noted that the threat group is linked to the Earth Estries and Famous Sparrow operations. The findings come as ESET reported that a Taiwanese government agency and other organizations in the U.S., France, Hungary, Turkey, and Thailand were compromised by Chinese cybersecurity firm i-Soon as part of the Operation FishMedley campaign three years ago. The intrusions carried out by i-Soon, which were mostly exposed by a U.S. indictment earlier this month, also involved the toolkits of Chinese state-sponsored operations.