Targeting of Taiwanese financial institutions
Date of report
  • February 2022
The Chinese threat actor APT10 used a vulnerability in a web interface to install a version of the Quasar remote access Trojan. The attack was initially overlooked because attention was focused on a credential stuffing attack, in which hackers use large amounts of previously stolen information to try to break into a system. The credential stuffing was seemingly conducted by APT10 to secure access to trading accounts and make transactions on the Hong Kong stock market. APT10 used it as a smokescreen for its larger operation.
Suspected victims
  • Taiwan’s financial sector
Suspected state sponsor
  • China
Type of incident
  • Espionage
Target category
  • Private sector
Victim government reaction
  • Unknown