Chinese RedJuliett Exploiting Firewalls, VPNs, & Load Balancers

RedJuliett, a suspected Chinese state-backed cyberespionage group, targeted Taiwanese government, academic, technology, and diplomatic organizations between November 2023 and April 2024.
The group exploited vulnerabilities in internet-facing firewalls, VPNs, and load balancers to gain initial access to victim networks. Its activity appears to originate from Fuzhou, China, which is consistent with China's strategic interest in Taiwan and suggests an effort to collect intelligence on Taiwan's economic and diplomatic affairs as well as its technological development.
Over that period the group intensified its attacks on Taiwanese government, academic, and technology institutions, which the reporting identifies as the campaign's primary targets.
RedJuliett's approach combined network reconnaissance with attempted exploitation, with a focus on compromising VPN access appliances. This matches the group's earlier activity and shows an expansion beyond Taiwan, with targets identified in Hong Kong, Southeast Asia, South Korea, the United States, and Africa.
Against Taiwanese targets the group used a multi-pronged approach, starting with the exploitation of vulnerabilities in internet-facing devices (firewalls, VPNs, load balancers) to obtain initial access.
Beyond those device vulnerabilities, RedJuliett used SQL injection and directory traversal to compromise web applications and the databases behind them. To mitigate such attacks, organizations should prioritize routine patching and adopt defense-in-depth measures.
Those measures should focus on identifying lingering malicious presence, uncovering systems that have already been compromised, and preventing lateral movement within the network.
Organizations are also advised to conduct regular audits of their internet-facing devices to reduce the attack surface exposed to the internet.
RedJuliett compromised 24 organizations, including government entities in Taiwan, Laos, Kenya, and Rwanda, and targeted more than 70 additional organizations in Taiwan, among them academic institutions, government agencies, think tanks, and technology companies, for reconnaissance or attempted intrusion.
Their techniques included establishing SoftEther VPN access within victim networks, using the Acunetix scanner for vulnerability discovery, and exploiting weaknesses such as SQL injection and directory traversal.
After gaining initial access, RedJuliett deployed open-source web shells and leveraged a Linux privilege escalation vulnerability to maintain persistence and, presumably, escalate privileges.
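As an added illustration (not code from the article, from Recorded Future, or from any vendor), the script below runs detection logic for the two web-application techniques the article attributes to RedJuliett, SQL injection and directory traversal, plus a scanner fingerprint check, over web server access logs in Combined Log Format. The log lines, IP addresses and User-Agent strings are constructed for the example; matching the substring "acunetix" in the User-Agent is an assumption about how a scanner may announce itself, and a real scan can be configured to hide it, so treat the scanner tag as a weak signal beside the request-level ones.

```python
"""Triage web access logs for SQL injection, directory traversal and scanner probes.

Added example; not code from the article or any vendor report.
All log lines below are constructed, not captured traffic.
"""
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Request-level indicators, applied to the URL-decoded path and query string.
SQLI_PATTERNS = [
    re.compile(r"(?i)\bunion\b\s+(all\s+)?\bselect\b"),        # UNION-based extraction
    re.compile(r"(?i)(\bor\b|\band\b)\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+"),  # 1=1 tautologies
    re.compile(r"(?i)\bsleep\s*\(|\bbenchmark\s*\(|\bwaitfor\s+delay\b"),  # time-based blind
    re.compile(r"(?i)'\s*(--|#|/\*)"),                          # quote followed by comment
    re.compile(r"(?i)\binformation_schema\b"),                  # schema enumeration
]
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\)|/etc/passwd|\\windows\\win\.ini", re.I)
# Assumed fingerprint: some scanners name themselves in the User-Agent; easily spoofed.
SCANNER_UA_RE = re.compile(r"acunetix|sqlmap|nikto", re.I)


def decode(path):
    # Decode twice so double-encoded payloads (%252e%252e%252f) are caught too.
    return unquote(unquote(path))


def classify(line):
    """Return a hit dict for a suspicious request, or None for benign/unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = decode(m.group("path"))
    tags = []
    if any(p.search(path) for p in SQLI_PATTERNS):
        tags.append("sqli")
    if TRAVERSAL_RE.search(path):
        tags.append("traversal")
    if SCANNER_UA_RE.search(m.group("ua")):
        tags.append("scanner")
    if not tags:
        return None
    return {"ip": m.group("ip"), "path": path,
            "status": m.group("status"), "tags": tags}


def scan(lines):
    """Classify every line and keep only the hits, in log order."""
    return [h for h in (classify(l) for l in lines) if h]


def summarize(hits):
    """Group hits by source IP so one host probing several techniques stands out."""
    by_ip = {}
    for h in hits:
        entry = by_ip.setdefault(h["ip"], {"count": 0, "tags": set()})
        entry["count"] += 1
        entry["tags"].update(h["tags"])
    return by_ip


# Constructed sample log; addresses are from documentation ranges (RFC 5737).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:08:01:02 +0800] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2024:08:01:05 +0800] "GET /index.php?id=1%27%20UNION%20SELECT%20user,password%20FROM%20users-- HTTP/1.1" 500 211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2024:08:01:09 +0800] "GET /download.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jan/2024:08:02:11 +0800] "GET /login.php HTTP/1.1" 200 3011 "-" "Mozilla/5.0 (compatible; Acunetix)"',
    '192.0.2.44 - - [10/Jan/2024:08:03:00 +0800] "GET /about.html HTTP/1.1" 200 4001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in summarize(scan(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} suspicious request(s), techniques={sorted(info['tags'])}")
```

The per-IP summary is the part worth keeping in a real deployment: a single host that moves from a UNION SELECT probe to an /etc/passwd read is exactly the reconnaissance-then-exploitation sequence the article describes, and a 200 status on the traversal request is the line to escalate first.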
According to Recorded Future's Insikt Group, the group's operations are carried out through a combination of self-controlled leased servers and compromised infrastructure belonging to Taiwanese universities.
That infrastructure is managed via SoftEther VPN, a tool the group uses to tunnel malicious traffic out of victim networks. Its targets include government agencies and high-technology companies in Taiwan, consistent with China's objective of collecting intelligence on Taiwan's economic and technological development.
Source credit: cybersecuritynews.com