Cybersecurity News in Asia

Squarely in the crosshairs of APT actors: Taiwan’s drone industry

By CybersecAsia editors | Tuesday, September 17, 2024, 8:31 AM Asia/Singapore

A recently discovered series of cyberattacks indicate that the industry is of malicious strategic value to adversaries of Taiwan

In a recent escalation of customer cyber incidents involving “strange behavior” of an old (2010) version of Microsoft Word, a cybersecurity firm has sniffed out a new potentially persistent threat (APT) campaign against drone manufacturers in Taiwan.

Upon investigation, it was found that a dynamic link library used by Winword.exe had been replaced with a malicious copy. The latter’s function is to ensure that the targeted version of Microsoft Word was being used; to mount an encrypted payload; to silence popular antivirus, firewall and endpoint detection and response software (blindsiding); and finally establish external command-and-control (C2) from locations based in Taiwan itself.

With C2 established, the payload could collect user and operating system information; execute shellcode; communicate with other infected machines in the network; and surreptitiously exfiltrate various types of data — such as those in remote desktop protocol logs. Notably, the malware processes were leveraging valid digital certificates to bypass various security checks in the targeted systems. Evasion techniques are also in use to wipe traces of the malware activity after execution of dozens of malicious functions.

Other investigations have traced initial infection to enterprise resource planning software (ERP) used throughout the victim organization. It is believed that the ERP software, popularly used in Taiwan, could have been compromised through a supply chain attack. Part of the compromised ERP software was found to contain CVE-2024-40521, a vulnerability with a CVSS score of 8.8.

Similar incidents involving old versions of Microsoft Word were encountered between April and July 2024, concentrated on lateral movements among machines running Windows, but also progressing to Windows servers.

According to a spokesperson from the Acronis Threat Research Unit, the people who discovered the likely-advanced persistent threat campaign, the drone industry (comprising small- to medium-sized businesses) in Taiwan has been targeted due to its global reach extending to military applications, a wealth of sensitive information that could be weaponized for espionage, and potential value in geopolitical agendas.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

India’s WazirX strengthens governance and digital asset security
Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more
What AI worries keep members of the Association of Certified Fraud Examiners sleepless?
This case study examines how many anti-fraud professionals reported feeling underprepared to counter rising AI-driven …Read more
Meeting the business resilience challenges of digital transformation
Data proves to be key to driving secure and sustainable digital transformation in Southeast Asia.Read more

Bottom sidebar

Other News

Blackpanda Japan Announces Strategic Partnership with SoftBank to Strengthen Cyber Incident Response in Japan
Wednesday, February 11, 2026
SINGAPORE, Feb. 10, 2026 /PRNewswire/ …Read More »
Cohesity Collaborates with Google Cloud to Deliver Secure Sandbox Capabilities and Comprehensive Threat Insights Designed to Eliminate Hidden Malware
Saturday, February 7, 2026
Embedded Google Threat Intelligence capabilities, …Read More »
Shield AI, Republic of Singapore Air Force, and Defence Science and Technology Agency Expand Partnership to Progressively Field Autonomy Capabilities
Thursday, February 5, 2026
SINGAPORE, Feb. 5, 2026 /PRNewswire/ …Read More »
ICAC Commissioner attends APEC anti-corruption meetings in Guangzhou to foster collaborations in the Asia Pacific region
Thursday, February 5, 2026
HONG KONG, Feb. 4, 2026 …Read More »
VIVOTEK Enhances VORTEX with Generative AI and Safety Detection
Tuesday, February 3, 2026
Expanding the cloud security ecosystem …Read More »

Featured

Where are financial fraud and AML regulations heading in S E Asia?

Featured

How AI is reshaping dating in Asia

Featured