Supposed Taiwanese State Hackers Unmasked by China’s Ministry of State Security

Nothing messes with your adversaries’ heads quite like taking a page from their psychological operations playbook.
On Monday, China’s Ministry of State Security, the country’s main civilian intelligence and counterintelligence service, published what it said are the identities of four Taiwanese nation-state hackers, including their names, dates of birth, job titles and identification numbers, and headshots.
An article posted Monday to the official English-language website for China’s Ministry of National Defense detailed the statement, which calls Taiwanese independence a “fantasy” and urges the individuals to “cease their cybercriminal activities that undermine national unity” and not “become cannon fodder.” The MSS said the four individuals work for Taiwan’s Information, Communications and Electronic Force Command.
The public relations campaign against the men, who appear to be part of the Taiwanese cyber command’s Network Environment Research and Analysis Center, clearly borrows “from the U.S. approach to public attribution,” cybersecurity researcher Oleg Shakirov said in a post to social platform X.
Three Chinese cybersecurity firms additionally issued separate reports into hacking activity they attributed to Taiwan. “One can only speculate about the degree of coordination, but apparently, the firms were encouraged to post anything they have on Taiwan,” he said.
That attribution tactic was pioneered by the U.S. government in 2014, when it indicted five Chinese military hackers. The United States has continued to regularly name alleged Chinese government agents, contractors and businesses it accuses of perpetrating hacks and cyberattacks against American institutions on behalf of Beijing.
Given the scant likelihood of U.S. authorities ever being able to detain these military, intelligence and private individuals, the indictments and often accompanying sanctions stand as a diplomatic rebuke, essentially saying to Beijing: “We see what you’re doing.”
While this is the first time Beijing has used that tactic itself to accuse Taiwanese nation-state hackers by name, it has previously attempted to highlight advanced persistent threat activity. This includes the efforts of APT-C-01, aka APT-Q-20, PoisonVine and GreenSpot, active since 2007; and APT-C-12, aka Sapphire Mushroom, active since 2011.
“Taiwan has had an active and capable offensive cyber force for more than a decade,” said Valentin Weber, a senior research fellow at the German Council on Foreign Relations’ Center for Geopolitics, Geoeconomics and Technology, in a 2022 report.
As part of those efforts, in 2017, the Taiwanese government launched the Information, Communications and Electronic Force Command, part of the Ministry of National Defense, designed to create a national cyber force, including for offensive operations.
At the time, Taiwan President Tsai Ing-wen declared that “cybersecurity is national security.”
The ICEF handles not only cyber but also communication and electronic warfare units, according to the German Council on Foreign Relations.
“The vast majority of ICEF operations probably occur in the gray zone, below the threshold of armed conflict,” Weber said. “Given Taiwanese operators’ capabilities, it is reasonable to assume that they would try to disrupt Chinese cyber groups before they can launch attacks and provide technical guidance to Taiwanese organizations on how to counter common malware and vulnerabilities.”
Intelligence analysts say Chinese president Xi Jinping has ordered the Chinese military to be ready to carry out a ground invasion of Taiwan by 2027.
In the event that happens, experts say the ICEF would likely be deployed to try to slow any Chinese invasion.