Something doesn't look right?

Taiwan Research Institute Data Breach Jul 2022

CVE-2018-0824

CVE-2024-4577

Subscribe for weekly updates

Security Incident Summary

Severity Score

Significant to High

Organization

Taiwan Research Institute

Threat Actor

APT41

Actor Type

APT

Type of Breach

Malware Attack

News Timeline

Aug 21, 2024

Additional Report

Taiwan University Under Fire From Unique DLL Backdoor darkreading.com - A newly identified backdoor called Msupedge has been discovered targeting a Taiwan university, using an uncommon technique of communicating with its command-and-control (C2) server via DNS traffic. Re...
Show more

Aug 19, 2024

Additional Report

Msupedge Backdoor Exploiting DNS Tunneling (Campaign) threats.wiz.io - Backdoor.Msupedge was discovered to have attacked a Taiwanese university by leveraging a vulnerability in PHP (CVE-2024-4577) to gain remote code execution, using an uncommon method of DNS tunneling f...
Show more

Aug 05, 2024

Additional Report

China-linked APT41 breached Taiwanese research institute securityaffairs.com - The attack beginning in July 2023 on a Taiwanese government-affiliated research institute by the APT41 group involved the deployment of ShadowPad malware using an outdated Microsoft Office IME binary ...
Show more

Aug 02, 2024

Initial Disclosure

China's APT41 Targets Taiwan Research Institute for Cyber Espionage darkreading.com - APT41 compromised a government-affiliated institute in Taiwan in July 2023 by leveraging multiple malware tools, including two versions of ShadowPad and Cobalt Strike, alongside a custom loader exploi...
Show more

Aug 01, 2024

Official Report

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike blog.talosintelligence.com - In August 2023, Cisco Talos identified that the APT41 group used a unique Cobalt Strike loader in a breach of a Taiwanese government-affiliated research institute, leveraging simplified Chinese and a ...
Show more

Additional Report

Chinese Hackers Targeted Taiwanese Research Institute with ShadowPad and Cobalt Strike thecyberexpress.com - The campaign exploited an outdated version of the Microsoft Office IME binary and utilized unique tools such as a GoLang-based Cobalt Strike loader designed to evade Windows Defender, as well as custo...
Show more

Organization Details

Organization Size

200

HQ Location

Unknown

Industry

Energy and Utilities

Security Stack used by Taiwan Research Institute at time of breach (best approximation) Why?

Network Security

VPN/SASE

IDS/IPS

Endpoint Security

EDR

MDM

Identity Management

SSO / MFA

IGA

Application Security

WAF

SCA

Cloud Security

CASB

CWPP

SIEM / Threat Intel

SIEM

TIP

Not right? Contribute more accurate data

What is Taiwan Research Institute?

The Taiwan Research Institute (TRI) was established in 1994 as a privately funded non-profit organization and a non-partisan specialized think tank. It consists of five research divisions, five research centers, and a consult committee. TRI focuses on a range of research topics, primarily energy pol...
Show more

Learn more about recent incidents

9 / 10

Okta Oct, 2023

No known CVEs used

Subscribe for weekly updates

Security Incident Summary

Severity Score

Insignificant

Organization

Threat Actor

Actor Type

Type of Breach

Organization Details

Organization Size

HQ Location

Industry