www.bloomberg.com
151.101.65.73  Public Scan

URL: https://www.bloomberg.com/opinion/articles/2021-11-17/what-a-chinese-ransomware-attack-tells-us-about-the-future-of-cyber-...
Submission: On December 01 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


Technology & Ideas


BEWARE THE CHINESE RANSOMWARE ATTACK WITH NO RANSOM

A different hacking tactic could be a way to distract victims from the
perpetrator’s true motive.

By Tim Culpan
November 17, 2021, 11:00 PM GMT

Tsai Ing-wen during her re-election campaign.

Photographer: Betsy Joles/Bloomberg
Tim Culpan is a Bloomberg Opinion columnist covering technology. He previously
covered technology for Bloomberg News.

A breach by Chinese hackers of almost a dozen targets in Taiwan looked, on the
surface, like just another ransomware attack: infiltrate a network, encrypt a
ton of files, lock the owners out of their own systems, and wait to be paid. But
this one was different for what it didn’t contain, and portends a type of threat
that could stymie attempts by corporate and government leaders to make their
computer systems more secure. 

Semiconductor maker Powertech Technology Inc., communications provider Chunghwa
Telecom Co., plastics conglomerate Formosa Petrochemical Corp. and state-run
petroleum company CPC Corp. were among those hit in May 2020 by the Chinese
Winnti group. Seven members were indicted by the U.S. last year for a series
of attacks that allegedly affected more than 100 high-tech and online gaming
companies globally.




Instead of just finding a way into their targets and planting the malicious
ColdLock software, which would later encrypt files, the attackers first
prioritized the installation of backdoor code that would give them continued
access to the chosen computers. That sequence of events was among the clues
researchers at CyCraft Technology Corp. in Taipei used to subsequently
conclude that these weren’t your run-of-the-mill, profit-seeking hackers.


CyCraft researched the breach on behalf of some victims, whom it declined to
name, and subsequently identified the perpetrators as a China-based group.
Taiwan’s Investigation Bureau and the U.S. Federal Bureau of Investigation have
also attributed the attack to Chinese actors. Beijing regularly denies hacking,
saying that it firmly opposes and combats cyber attacks.

The shift in tactics could make one of the world’s most prolific cyber armies
even more potent. By mixing their own strategy of stealth and espionage with the
encryption and disruption techniques most often deployed by Russians, Chinese
state-backed entities could start deploying a new approach to distract and
confuse their enemies while simultaneously stealing secrets or planting
eavesdropping software.



The virtual meeting between U.S. and Chinese leaders this week may ultimately
help ease tensions. But that’s unlikely to bring a cyber ceasefire or see
Beijing back away from continued network attacks against Taiwan. Last year’s
hack needs to be viewed as a hint of what rivals such as the U.S., U.K., Canada
and Australia can come to expect. 

In a sign of patience and focus, the attackers appear to have waited months
between successfully infiltrating their targets in Taiwan and deploying the code
that would encrypt the victims’ files. By contrast, in the Colonial Pipeline
Co. attack this year, there was a lag of about one week between the time a
virtual private network was breached and the moment an employee saw a ransom note
demanding payment in cryptocurrency. Crucially in the Taiwan campaign, there was
no such note. The attackers didn’t leave payment or contact details, the CyCraft
team noted. 

“This was not a ransom. For this group, they’re not financially motivated,” said
CK Chen, a senior cybersecurity researcher at CyCraft who investigated the
incident. “I think they have two reasons: hide any traces to remove evidence of
their intrusion, and also some political reasons because the attack was launched
one week before Taiwan’s presidential inauguration.” Tsai Ing-wen was sworn in
to her second term in May 2020.

For more than a decade, Chinese hackers have waged a persistent cyber offensive
against Taiwanese government, non-government and corporate targets. Taiwan also
happens to be home to some of the electronics, semiconductor and military
technology that China desperately wants to get its hands on.



In some cases, the goal has been to steal sensitive security intelligence; in
others, theft of intellectual property and commercial secrets. But hackers
generally do it quietly, maintaining stealth so victims aren’t alerted. This
sustained threat has given birth to a growing ecosystem of cybersecurity teams
in Taiwan that defend the frontlines in the battle against Chinese hackers, many
of whom work for the state as outlined by the Justice Department in a separate
indictment in July.



They tend not to launch ransomware against their victims, though it’s not
unheard of. Hacking for profit is more often perpetrated by Russian groups
driven purely by financial incentives. The advent of cryptocurrency, and easy
access to encryption software, makes the hack-lock-ransom playbook particularly
lucrative. For the Chinese, though, the motive tends to be espionage or
security.

Of particular relevance to computer systems globally is the use of ransomware as
a tool of distraction. With security teams on high alert against such attacks,
which can cripple critical infrastructure and hobble supply chains — a Brazilian
meat processor was shut down earlier this year — focus can be drawn away from an
altogether different motive.



Last year’s Winnti attack appeared to have multiple goals, none of which were
obvious upon first glance: cause havoc, plant backdoors, and prepare to steal
information. As victims mopped up and reset their systems, researchers at
CyCraft found malicious code that hadn’t been caught earlier — including malware
that remained connected to servers controlled by the hackers. 



“I don’t think they were expecting that to be caught by us,” said Chad Duffy,
the company’s director of cloud engineering.

The hackers knew that the ransomware would be found. They barely tried to cover
it up — but that wasn’t the actual goal of the operation. Instead it was
a smokescreen for the mission’s true purpose, to get persistent long-term access
to the systems of some of Taiwan’s biggest institutions. The same tactic can be
expected against other nations.

Given that profit isn’t the major aim, the deployment of encryption attacks such
as ransomware from China-based teams ought to be a red flag for security teams
worldwide. The intruders may look like they’re ransacking the shop, but it’s
just as likely they’re planting a bug while you’re not looking.

This column does not necessarily reflect the opinion of the editorial board or
Bloomberg LP and its owners.

To contact the author of this story:
Tim Culpan at tculpan1@bloomberg.net

To contact the editor responsible for this story:
Rachel Rosenthal at rrosenthal21@bloomberg.net
Patrick McDowell


