Summary: Hackers linked to China-based groups, especially UAT-5918, are targeting critical infrastructure in Taiwan to gain long-term access and steal sensitive information. This malicious activity aligns with tactics used by other state-backed groups, such as Volt Typhoon and Flax Typhoon, which have been known to exploit vulnerabilities in internet-facing systems. The U.S. has heightened its scrutiny towards these cyber threats amid rising tensions between China and Taiwan.

Affected: Taiwan’s critical infrastructure and related organizations

Keypoints :

• UAT-5918 targets Taiwan’s telecommunications, healthcare, and IT sectors.
• Hackers exploit vulnerabilities in web and application servers to gain network access.
• Flax Typhoon and Volt Typhoon are known for similar espionage tactics and have global targets.
• The FBI has intervened in Flax Typhoon’s operations, removing malware and controlling botnet infrastructure.
• China’s military has accused individuals in Taiwan of cyberattacks against the mainland.
• ESET’s report links another campaign, Operation FishMedley, to the same pattern of Chinese state-backed activities.