Governance, Risk and Compliance

Malware attack targets US-Taiwan defense conference

Chinese hacker. Laptop with binary computer code and china flag

A conference connecting defense industry professionals in the U.S. and Taiwan has come under attack from malware threat actors.

Researchers with security firm Cyble report that a defense industry event was the target of a fileless malware infection, presumably aimed at collecting intelligence on behalf of the Chinese government.

According to Cyble, the attack stands out because it uses a novel technique to avoid detection. Rather than trying to use exploits or social engineering to put an executable on the target system, this attack instead opts to run in memory by loading up files and performing the attack in real time.

Such attacks, often referred to as “living off the land,” are increasingly popular as they leave little in the way of a footprint and require minimal investment in a malware package or automated exploits.

“The attack commences with a suspicious archive file containing an LNK file disguised as a PDF document,” Cyble explains.

“This deception is designed to trick users into executing the malicious LNK file, which in turn triggers a series of covert actions in the background.”

From there, the attackers look to perform standard intelligence operation activities, logging system data and user activity with the ultimate aim of passing that data on to a remote server likely controlled by someone with government ties.

While the exact name of the threat actor or its government ties could not be made, it’s not hard to figure out who would have an interest in spying on the attendees of a conference focused on the Taiwan and U.S. defense industry.

“Chinese threat actors have a well-documented history of targeting Taiwan, particularly around significant political events,” noted Cyble.

“Despite this pattern, the specific [threat actor] behind the current campaign remains unidentified, and we have not been able to link these tactics, techniques, and procedures (TTPs) to any known threat actor or advanced persistent threat (APT) group at this time.”

With the U.S. set to kick off a contentious presidential election season, it is almost a given that foreign intelligence agencies will be looking to meddle with affairs in hopes of tipping the scales in their favor.

Threat actors are likely to be conducting campaigns that include malware installation, disinformation, and data harvesting.

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds