Taipei: Hackers known as the Winnti Group were behind recent ransomware attacks on Taiwan’s two largest fuel suppliers, Taiwan’s Investigation Bureau said Friday, and it warned that similar attacks on 10 domestic companies are likely in the coming days.
On May 4, state-run CPC Corp., Taiwan announced that its computer system had been infected with ransomware, causing payment issues at gas stations.
Formosa Petrochemical Corp. reported similar issues the following day, to which it responded by shutting down its computer systems company-wide.
Powertech Technology Inc., a Hsinchu-based semiconductor firm, also reported a ransomware attack on May 5.
At a press conference Friday, members of the Investigation Bureau said the Winnti Group, which is believed to be Chinese in origin, likely had access to the companies’ computer systems for months before it carried out the attacks.
According to Liu Chia-jung (劉家榮), deputy director of the bureau’s Information Security Workstation, the hackers gained access to target companies’ Active Directory (a technology for managing computers and other devices within a network) and used its task scheduling function to distribute the ransomware throughout the company’s computer network.
When employees’ computers tried to access the network at the start of the work day, a message would appear stating that their files had been encrypted and demanding a ransom of US$3,000 to unlock them, Liu said.
The bureau has requested help from international authorities investigating six German and Swiss email accounts believed to be connected to the crimes, Liu said.
It has also asked American authorities to investigate a U.S.-based company from which the group rented a virtual private server (VPS).
The bureau indicated it had information showing that the hacker group planned to carry out similar attacks on 10 other Taiwanese companies in the coming days, but said it did not know which companies were being targeted.
Behavioral analysis indicates that the hackers likely infiltrated the target companies’ computer systems several months ago, the bureau said, and it has advised companies on several steps they could take to increase their digital security.
CPC, which local media reported was suffering computer issues again on Thursday, released a statement Friday blaming the issue on an operational error, and said it had strengthened its information security procedures following the May 4 attack.
Source: Focus Taiwan News Channel