2024 is a record-breaking year for elections around the globe, with over 60 countries, home to roughly half of the world’s population, set to hold national elections. On 13 January 2024, Taiwan kicked off this super-election year with its presidential and legislative elections.
At TeamT5, we are pleased to see that the election concluded smoothly, without any successful disruptions by cyber attackers. We believe this achievement is a result of the hard work and dedication of many individuals and organizations. Their collective efforts have ensured the election process remained secure and trustworthy.
Despite the overall success, TeamT5 believes that we must not overlook the challenges posed by state-sponsored cyber threats. Our team has worked tirelessly to identify and analyze numerous malicious activities and disinformation campaigns, particularly those associated with state-linked influence operation (IO) actors or Advanced Persistent Threat (APT) groups. This whitepaper details the specific tactics, techniques, and procedures (TTPs) used by these actors, with the aim of providing valuable insights into their operations.
The cyber threat landscape is ever-changing, with adversaries constantly improving their attack methods. During this election cycle, we noticed that these threat actors have enhanced their capabilities, employing more sophisticated and innovative techniques to target a broader array of platforms. This whitepaper not only shares our discoveries but also illustrates the importance of continuously updating our cyber defense strategies to stay ahead of potential threats.
We are committed to evolving our threat intelligence to counteract these cyber threats. Through this whitepaper, we aim to share our strategic findings, hoping to equip other democracies, especially those facing upcoming elections, with a better understanding of cyberattacks aiming to disrupt the democratic process. We hope it serves as a practical resource for cyber threat intelligence experts in democratic countries, helping them to anticipate and mitigate cyber threats effectively.
Research Highlights
1. Prior to the 2024 elections, Taiwan faced an array of sophisticated cyber threats, all aimed at destabilizing the democratic processes and undermining public trust in the electoral system. Overall, China-nexus actors accounted for a major part of the targeted attacks.
2. Chinese Advanced Persistent Threat (APT) groups have targeted multiple entities in Taiwan, especially the journalism and media industry. Notably, it is not only pro-democracy or pan-green media that have fallen prey. Our database suggests that domestic television operators and newspapers, some perceived as pro-unification or pro-China, have also been primary targets.
3. On the other hand, China has also been weaponizing social media platforms to spread disinformation and propaganda against Taiwan. While we observed sparse suspicious activities attacking the ruling party since early 2023, it was not until November that we detected significant influence operations. We summarized three key trends of China’s influence operations during the elections:
(1) Expanded Target Scope
(2) AI-Enabled Campaigns across Various Platforms
(3) Fake News Sites and Whistleblower Sites
4. From late November 2023, we have detected China-nexus hack and leak incidents, corresponding with the following influence operations aimed at diminishing public trust toward Taiwan’s current ruling party, the Democratic Progressive Party (DPP). These campaigns mark a strategic adoption of “hack-and-leak” methods, a notable shift in hybrid warfare tactics. We highlight a significant campaign named “Operation ScoopSpy.” It is very likely that their goals are to sow chaos and discredit pro-democracy politicians regardless of which candidate or political party wins in the elections.
5. China’s approach to influencing Taiwan’s political landscape, particularly around the 2024 elections, underscores a long-term strategy. Advanced Persistent Threat (APT) groups and influence operation (IO) actors linked to China have shown a deep understanding of their targets, indicating thorough preparation and research. This meticulous groundwork has led to a troubling synergy between cyber espionage efforts and influence operations.
To receive the full whitepaper, please fill out the form below.