Taiwan Details

    Taiwan

    Taipei • 364700 employees • Governments

    https://www.taiwan.gov.tw/
    Taiwan

    Industry

    Governments

    Security Incidents

    1

    Taiwan, officially the Republic of China (ROC), is a country in East Asia, located on the island of Taiwan, with its capital in Taipei. The island was initially settled by Austronesian peoples and was subject to various colonial influences over the centuries, including Dutch and Spanish rule, before later becoming part of the Qing Dynasty. After the Chinese Civil War in 1949, the government of the Republic of China retreated to Taiwan, and it has since maintained a separate government from the People's Republic of China (PRC) on the mainland.

    Taiwan is known for its robust economy, which is driv...

    Security Incidents

    Taiwan Breach of Sep 2024
    Severity Score
    High

    Type

    Phishing Attack

    Summary

    In September 2024, the Chinese APT group known as Earth Baxia targeted a government organization in Taiwan and other entities within the Asia-Pacific region by exploiting a Remote Code Execution (RCE) vulnerability in GeoServer (CVE-2024-36401). This flaw, caused by unsafe evaluation of property names as XPath expressions, has a CVSS score of 9.8 and affects GeoServer versions prior to 2.23.6, 2.24.4, and 2.25.2.

    The threat actors used spear-phishing emails to initially compromise systems, deploying customized Cobalt Strike components and a new backdoor named EAGLEDOOR, which supports communi...

    Severity

    The cyber attack by Chinese APT group Earth Baxia, which exploited a severe Remote Code Execution (RCE) vulnerability in GeoServer (CVE-2024-36401, CVSS score 9.8), targeted multiple government organizations and industries across various countries in the Asia-Pacific region. Spear-phishing emails and advanced techniques like AppDomainManager injection were employed to deploy sophisticated malware such as Cobalt Strike components and the EAGLEDOOR backdoor, which supports multiple communication protocols. Considering the high impact, advanced methods, and the critical sectors affected, the ...

    Impact

    The China-linked APT group Earth Baxia orchestrated a sophisticated cyber espionage campaign primarily targeting government organizations and industries in the Asia-Pacific region. The group exploited a critical Remote Code Execution (RCE) vulnerability in OSGeo GeoServer, specifically CVE-2024-36401. Leveraging spear-phishing emails with malicious attachments, they infiltrated systems and deployed customized Cobalt Strike components and a new backdoor dubbed EAGLEDOOR.

    Customer and internal data were both at risk, particularly sensitive government information from Taiwan, the Philippines, So...