At Black Hat Asia 2023, TeamT5’s threat intelligence researchers Yue-Tien Chen and Zih-Cing Liao (aka DuckLL) warned that APT groups spy on the Taiwan media industry.
Based on analysis, these China-nexus APT groups are Amoeba (aka APT41, Winnti), Huapi (aka BlackTech, PLEAD), Goushe (aka APT23, KeyBoy), SLIME25 (aka APT24), SLIME50, and SLIME51.
We can identify three main motivations for APT groups to spy on the media: information collection, political relationships, and information operation. The first and most obvious reason is information collection. Media are excellent sources for collecting unique information. If an APT group compromises a media organization, it can quickly get a lot of valuable information.
Secondly, media organizations often have complex political relationships. Besides obtaining political news, the media is also a good resource for social-engineering attacks. Actors can target politicians through their contact channels.
The third motivation is information operation. Fake news is a significant challenge in the information explosion era. Most people still tend to believe news from credible media. If an APT group compromises a media organization and spreads false information, it may control public opinion, sow discord, and make politics unstable.
Based on the purpose of the series of Chinese APT attacks, we name it Operation Clairvoyance. Clairvoyance (千里眼) is an ancient Chinese deity with the ability to see things from thousands of miles away.
Our research shows that media companies need to take more approaches to protect their systems and data. We also suggest that media companies establish clear policies for handling sensitive data and ensure that all employees understand and follow them.
- Presentation slides: link
About Black Hat Asia
Black Hat is the world’s leading information security event, and remains the best and biggest event of its kind. It provides attendees with cutting-edge security research, development and trends, and has the ability to define tomorrow’s information security landscape. Black Hat Asia is a Black Hat extended event that is held in Singapore annually.