Taiwan suggests China’s Winnti group is behind ransomware attack on state oil company

A CPC gas station in Taiwan. The station's parent company was hit with ransomware. (Wikimedia Commons/Solomon 203)


Written by

Taiwanese authorities have suggested that Chinese hackers were behind a ransomware attack against Taiwan’s state oil company, an aggressive assault on one of the island nation’s strategic assets.

Data left behind in the attack, such as a configuration file and domain name, point to the involvement of a group known as Winnti, or something “closely related” to it, Taiwan’s Ministry of Justice said in a statement Friday. Winnti is a broad collection of hackers that cybersecurity researchers have linked with the Chinese government.

Cybersecurity analysts say Beijing’s hackers have long conducted operations against Taiwanese targets to gather intelligence. But an attempt to extort Taiwanese company CPC Corp., which is responsible for delivering oil products throughout Taiwan, would be a much more brazen move. Although the attack didn’t affect the CPC’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas.

CyberScoop could not independently confirm that Winnti was involved in the attack. The Chinese Embassy in Washington, D.C., did not immediately respond to a request for comment on the allegation.

The ransomware attack forced CPC to rebuild some of its infrastructure and is part of a spate of recent cyberthreats facing Taiwan.

Multiple “important domestic energy and technology companies” in Taiwan had been hobbled by ransomware in recent weeks, the Ministry of Justice said. It did not explicitly name CPC as a victim. Local media, however, reported the statement referred to CPC and other victims.

-In this Story-

China, oil, ransomware, taiwan, Winnti