Initial Access Brokers (IABs) are actively targeting Taiwanese organizations, as evidenced by an uptick in listings on cybercriminal forums, which aligns with broader geopolitical tensions in the South China Sea region.
IABs operate within a structured cybercriminal ecosystem and facilitate access for ransomware groups, data brokers, and APTs. By providing initial footholds into corporate networks, they play a critical role in enabling these threat actors to execute their malicious campaigns.
Taiwan experienced a significant surge in IAB listings from Q2 to Q3 2024, increasing by a factor of 2.7, which gave Taiwan-based access listings their highest quarterly position of 2024 within the IAB ecosystem.
In Q3 2024, advertisements targeting Taiwanese organizations constituted 1.9% of all listings, ranking Taiwan as the thirteenth most targeted of the 60 countries targeted. Excluding US-based organizations, Taiwan accounted for a substantial 2.7% of the remaining listings, a significant increase from the 0.71% observed in Q2.
Taiwan’s prominent semiconductor industry, particularly TSMC, makes it a prime target for state-sponsored threat actors. High-revenue organizations in Taiwan are frequently targeted by cybercriminals, with a mean targeted revenue significantly higher than the global average.
The surge in AI demand has increased the value of semiconductor production access, making Taiwanese organizations attractive to threat actors interested in IP theft and geopolitical advantage.
The targeted sectors, including software, manufacturing, electronics, and computer equipment, reflect the high value of semiconductor technology and its supply chain.
Ransomware groups and APTs are increasingly leveraging Initial Access Brokers (IABs) to gain unauthorized access to corporate networks.
Groups like Medusa and the self-proclaimed APT are actively soliciting access from IABs on cybercriminal forums, offering various payment models, including upfront fees, percentage-based commissions, or a combination of both.
These malicious actors are then exploiting these compromised networks to conduct extortion and cyberespionage campaigns, posing significant threats to organizations worldwide.
Cyjax observed a significant rise in cyberattacks targeting Taiwan in Q3 2024, coinciding with heightened geopolitical tensions, which suggests a link between geopolitics and cybercrime.
The rise could be due to threat actors exploiting the Initial Access Broker (IAB) market to target Taiwan, or to increased targeting driving more listings for Taiwan on IAB marketplaces.
Interestingly, while TSMC, a major chipmaker in Taiwan, wasn’t directly compromised, a China-linked APT group had earlier used TSMC-themed lures to target the East Asian semiconductor industry.
This APT group focuses on R&D institutions and gathers intelligence for economic espionage. The case of ransomware group Akira purchasing access on the dark web (likely from IABs) further highlights the role of IABs in cybercrime.