An advanced persistent threat group affiliated with the Chinese government and tracked as APT10, also known as Stone Panda, the MenuPass group, and Bronze Riverside, has been connected to the supply chain attack on Taiwan’s financial sector. According to Taiwanese cybersecurity firm CyCraft, the campaign started at the end of November 2021 and hit a peak in February 2022. Hackers compromised the supply chain and targeted the software systems of financial institutions, causing “abnormal cases of placing orders” as part of a campaign codenamed “Operation Cache Panda.”
The nation-state attackers exploited a vulnerability in the web management interface of an unspecified securities software product and deployed a web shell to deliver the Quasar RAT on the target system. Quasar RAT is publicly available as an open-source tool, and it gave the attackers persistent remote access to the infected system. The attack was uncovered as Taiwan’s Parliament presented draft amendments to the National Security Act aimed at combating Chinese economic and industrial espionage efforts. Violation of the law could carry up to a 12-year prison sentence. In addition, individuals and organizations that support Chinese companies could face up to a $350,000 fine.