Taiwan has been a regular target of cyber espionage threat actors for a number of years.
That’s according to Palo Alto Networks, a cyber security firm that says Taiwan is being targeted because of its emerging economy and growth.
In early August, Unit 42, Palo Alto Networks' threat research team, identified two attacks using similar techniques. The firm found that the more interesting one was a targeted attack against the Secretary General of Taiwan’s government office, the Executive Yuan.
The Executive Yuan Council evaluates statutory and budgetary bills and bills concerning martial law, amnesty, declaration of war, conclusion of peace and treaties, and other important affairs.
The second attack was against an energy sector company also located in Taiwan.
All attacks in this case are associated with a campaign called Tropic Trooper, which has been active since at least 2011 and is known for heavily targeting Taiwan.
According to Palo Alto, one of the attacks used the group's known Yahoyah malware, while the other deployed the widely available Poison Ivy RAT.
Further analysis uncovered a handful of ties indicating the actors may also be using the PCShare malware family, which has not been previously tied to the group.
“As we have noted in many earlier reports, attackers commonly use decoy files to trick victims into thinking a malicious document is actually legitimate,” Palo Alto reported.
“After infecting the computer, they display a clean document to the victim that contains content that is relevant to them.”