
DPP group found behind cyberattack

Probe into hacking of tech firm in Guangzhou reveals other targets

By Cao Yin | China Daily | Updated: 2025-05-28 09:02

A recent cyberattack on an unnamed technology company in Guangzhou, Guangdong province, was traced to a hacker group affiliated with Taiwan's Democratic Progressive Party, according to local police.

The public security bureau in the city's Tianhe district released the findings of its investigation on Tuesday, vowing to continue cracking down on the criminal networks and those behind them.

Investigators said the Taiwan hacker group frequently used open-source tools to carry out extensive reconnaissance of more than 1,000 critical network systems in over 10 provincial-level regions across the Chinese mainland. Targets included networks in the military, energy, hydropower, transportation and government sectors.

The group gathered basic system information and technical intelligence, and launched multiple cyberattacks using various methods, including mass phishing campaigns, exploiting known vulnerabilities, brute-force password attacks and deploying rudimentary homemade Trojan programs.

Over the past year, the group has significantly ramped up both the scale and frequency of its attacks against mainland targets, the bureau said, calling it clear evidence of malicious intent to disrupt and cause damage.

Technical specialists from the bureau said the group's self-developed Trojan software was poorly coded, leaving numerous digital traces that allowed police to track its activities, identify suspects and locate their online operations.

Although the group attempted to mask its origins by routing attacks through IP addresses based in the United States, France, South Korea, Japan, the Netherlands, Israel and Poland, the bureau said a detailed cyber-investigation uncovered the full scope of its activities and revealed its true source.

The most recent attack on the Guangzhou tech company was disclosed by the bureau last week. Authorities described it as a large-scale, coordinated assault with hallmarks of cyber warfare, far beyond the capability of ordinary hackers.

Police stressed the importance of cybersecurity in protecting national interests and encouraged the public to report online threats promptly.

China is now capable of detecting large-scale, sophisticated and sustained cyberattacks launched by overseas groups, authorities said.

Zhou Hongyi, founder of Chinese cybersecurity company 360, said that after more than a decade of defending against such attacks — known as Advanced Persistent Threats — his team has developed a comprehensive understanding of their tactics and created a simulation model based on behavioral pattern analysis.

"This comprehensive threat intelligence, coupled with verified attribution methods from real-world operations, has become vital for 360's efforts in tracking and pinpointing APTs," Zhou said.

He added that 360 has independently identified 57 overseas APT organizations, including five based in Taiwan.
