Our website uses cookies to give you the best and most relevant experience. By clicking on accept, you give your consent to the use of cookies as per our privacy policy. Accept

Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
ONESECURE Unveils Innovative WEBYITH Service to Combat Web Defacement ...
Threat researchers uncover jailbreak exposing deep safety vulnerabilit...
When talking sense into AI power mongers fails, talk $$$: A message fr...
O.NE People and Prighter Forge Alliance to Deliver AI-Driven Privacy C...
APT threats: Prevention is better than cure
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      Thursday, August 14, 2025, 12:26 PM Asia/Singapore | Features, Newsletter
    • Featured

      From insight to action: Securing APAC’s future with AI-driven cybersecurity

      From insight to action: Securing APAC's future with AI-driven cybersecurity

      Wednesday, August 13, 2025, 10:07 AM Asia/Singapore | Features
    • Featured

      Experts weigh in on Singapore’s response to UNC3886

      Experts weigh in on Singapore’s response to UNC3886

      Friday, August 8, 2025, 10:45 PM Asia/Singapore | Features, Newsletter, Opinions
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Features
    • Featured

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      Thursday, August 14, 2025, 12:26 PM Asia/Singapore | Features, Newsletter
    • Featured

      From insight to action: Securing APAC’s future with AI-driven cybersecurity

      From insight to action: Securing APAC's future with AI-driven cybersecurity

      Wednesday, August 13, 2025, 10:07 AM Asia/Singapore | Features
    • Featured

      Experts weigh in on Singapore’s response to UNC3886

      Experts weigh in on Singapore’s response to UNC3886

      Friday, August 8, 2025, 10:45 PM Asia/Singapore | Features, Newsletter, Opinions
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning
News

Squarely in the crosshairs of APT actors: Taiwan’s drone industry

By CybersecAsia editors | Tuesday, September 17, 2024, 8:31 AM Asia/Singapore

Squarely in the crosshairs of APT actors: Taiwan’s drone industry

A recently discovered series of cyberattacks indicate that the industry is of malicious strategic value to adversaries of Taiwan

In a recent escalation of customer cyber incidents involving “strange behavior” of an old (2010) version of Microsoft Word, a cybersecurity firm has sniffed out a new potentially persistent threat (APT) campaign against drone manufacturers in Taiwan.

Upon investigation, it was found that a dynamic link library used by Winword.exe had been replaced with a malicious copy. The latter’s function is to ensure that the targeted version of Microsoft Word was being used; to mount an encrypted payload; to silence popular antivirus, firewall and endpoint detection and response software (blindsiding); and finally establish external command-and-control (C2) from locations based in Taiwan itself.

With C2 established, the payload could collect user and operating system information; execute shellcode; communicate with other infected machines in the network; and surreptitiously exfiltrate various types of data — such as those in remote desktop protocol logs. Notably, the malware processes were leveraging valid digital certificates to bypass various security checks in the targeted systems. Evasion techniques are also in use to wipe traces of the malware activity after execution of dozens of malicious functions.

Other investigations have traced initial infection to enterprise resource planning software (ERP) used throughout the victim organization. It is believed that the ERP software, popularly used in Taiwan, could have been compromised through a supply chain attack. Part of the compromised ERP software was found to contain CVE-2024-40521, a vulnerability with a CVSS score of 8.8.

Similar incidents involving old versions of Microsoft Word were encountered between April and July 2024, concentrated on lateral movements among machines running Windows, but also progressing to Windows servers.

According to a spokesperson from the Acronis Threat Research Unit, the people who discovered the likely-advanced persistent threat campaign, the drone industry (comprising small- to medium-sized businesses) in Taiwan has been targeted due to its global reach extending to military applications, a wealth of sensitive information that could be weaponized for espionage, and potential value in geopolitical agendas.

Share:

PreviousPets may be Man’s best friends, but passwords containing their names are not
NextThe Race to Adapt

Related Posts

With Q1 2025 over, research teams fine-tune their cyber predictions for the rest of the year

With Q1 2025 over, research teams fine-tune their cyber predictions for the rest of the year

Friday, May 2, 2025

Securing digital payments growing trickier for the financial sector

Securing digital payments growing trickier for the financial sector

Monday, June 28, 2021

Ryuk ransomware attacks in US hospitals

Ryuk ransomware attacks in US hospitals

Tuesday, November 3, 2020

Who needs Halloween when cybercriminals go Trick-or-Treating all year round?

Who needs Halloween when cybercriminals go Trick-or-Treating all year round?

Wednesday, November 2, 2022

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more
  • Thai government expands secure email management to close cybersecurity gaps

    Thai government expands secure email management to close cybersecurity gaps

    New measures address cybersecurity gaps in public sector communications, deploying advanced protections and operational support …Read more
  • How Iress optimized global DevSecOps

    How Iress optimized global DevSecOps

    Scaling compliance, security & efficiency – while seamlessly migrating to the cloud – with JFrog.Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.