China-Linked 'RedJuliett' Hackers Exploit VPN and Firewall Vulnerabilities to Target Taiwan

24 June 2024

Paikan Begzad

Summary

A new report from intelligence firm Insikt Group reveals that RedJuliett, a hacker group allegedly connected to the Chinese government, has launched over 85 cyber-espionage attacks on organizations in Taiwan. Operating from Fuzhou, China, within the PLA Eastern Theater Command, RedJuliett aims to gather intelligence on Taiwan's government, trade, and technological sectors.

Between November 2023 and April 2024, RedJuliett exploited known vulnerabilities in internet-facing VPNs, firewalls, and load balancers to gain initial access to universities, businesses, and government entities. The group also used SQL injection and directory traversal attacks against web applications to reach sensitive data. Once inside, it deployed the China Chopper web shell for remote code execution and leveraged open-source tools such as JuicyPotato and BadPotato.

In addition to targeting Taiwan, RedJuliett has been linked to cyberattacks on various countries, including the US, South Korea, Laos, Kenya, and Rwanda. Insikt Group's findings did not establish a connection between RedJuliett and another Chinese hacking group, Volt Typhoon, but noted that both use "living off the land" strategies to execute their attacks.