Chinese-language threat group Xiaoqiying, also known as Genesis Day or Teng Snake, targeted a dozen South Korean research and academic institutions with data exfiltration attacks in January. Researchers from Recorded Future’s Insikt Group believe the group, which is affiliated with hacktivist groups and seeks to show patriotism towards China, has launched a new round of cyberattacks against organisations in Japan and Taiwan.
The researchers found that the group, which is ideologically motivated and not concerned with financial gains, recruited members through two Telegram channels that were closed after the cyberattacks in South Korea were exposed. The group has claimed to have compromised new targets in Japan and Taiwan and to have collaborated with other cybercriminals, Pakistani hacking groups and Russian government hackers.
Insikt Group researchers managed to obtain leaked data, tools, malware source code and samples, files related to U.S. government entities, credit card data and more from the Telegram channel.
Even after the Telegram groups were disbanded, actors connected to the group continued to market their activities, operating a clearnet website where they post announcements. One hacker, known as “uetus” on Ramp Forum, claimed to have compromised National Taiwan University on April 5 and leaked 25 GB of data.
China-based hacking groups have long targeted South Korean organisations for both financial and geopolitical reasons. Chinese criminal gangs have previously spread Android banking trojans in South Korea. Last year, Xiaoqiying claimed to have carried out cyberattacks affecting targets such as the FBI, South Korea’s Ministry of Health and Defense Ministry, Ukraine, and Japan.
The group also claimed to have hacked into Samsung and accessed the company’s internal intranet system. Although no ties between the group and the Chinese government were established, the fact that the group was not seeking to profit from the access it gained or the data it stole suggests that it is ideologically motivated.