Taiwan and Typhoons

Today in the space between war and peace…

  • Chinese Freighter Detained for Suspected Damage to Taiwanese Submarine Cable
  • Navigating Typhoons: Tailored Policy Responses Needed
  • New Groups Target Critical Infrastructure as Industrial Malware Evolves

Chinese Freighter Detained for Suspected Damage to Taiwanese Submarine Cable

According to the Taipei Times, a Togolese-registered Chinese freighter named Hon Tai (according to other sources: “Hong Tai”, “Hong Tai 58”, or “Hong Tai 168”) has been detained for allegedly damaging a submarine cable connecting Taiwan and Penghu County. The Coast Guard Administration (CGA) monitored the vessel, which remained near the No. 3 undersea cable despite requests to leave. Discrepancies were found in the ship’s identification, and all eight crew members were identified as Chinese nationals. The CGA suggests this may be linked to China’s ‘gray zone’ tactics. The Tainan District Prosecutor’s Office is now conducting a national security investigation. In response to the incident, Chunghwa Telecom has rerouted communications through alternative cables.

Navigating Typhoons: Tailored Policy Responses Needed

According to War on the Rocks, the Chinese cyber operations dubbed “Volt Typhoon” and “Salt Typhoon” represent distinct threats that require tailored policy responses. Salt Typhoon involves large-scale cyber espionage, where Chinese actors infiltrated major U.S. telecommunications companies, such as Verizon and AT&T, to gather sensitive information, including data from high-profile individuals like President-elect Donald Trump and Vice President-elect JD Vance. This operation aligns with traditional intelligence-gathering efforts. In contrast, Volt Typhoon focuses on operational preparation of the environment, with Chinese actors embedding themselves within U.S. critical infrastructure, where they could potentially disrupt services during future conflicts. This activity is more about positioning for potential sabotage than immediate data theft. The article emphasizes that conflating these two distinct threats can lead to ineffective policy measures. For espionage activities like Salt Typhoon, enhancing incident response and bolstering defense and resilience are crucial. For preparatory intrusions like Volt Typhoon, the focus should be on deterring conflict and, if deterrence fails, protecting civilian and military infrastructure from potential attacks. Recognizing the unique nature of each threat allows for more precise and effective policy actions.

New Groups Target Critical Infrastructure as Industrial Malware Evolves

According to Dragos’s 8th Annual OT Cybersecurity Year in Review report, the operational technology (OT) and industrial control systems (ICS) sectors faced escalating cyber threats in 2024, influenced by geopolitical conflicts and evolving adversary tactics. The report highlights the identification of two new threat groups, BAUXITE and VOLTZITE, actively targeting critical infrastructure across various regions. BAUXITE has been involved in reconnaissance and research against OT/ICS entities, while VOLTZITE has demonstrated persistent interest in U.S. critical infrastructure, including telecommunications and emergency services. Additionally, the discovery of new ICS-specific malware, such as Fuxnet and FrostyGoop, underscores the increasing sophistication of attacks aimed at disrupting industrial operations. The report emphasizes the necessity for enhanced OT network visibility, secure remote access protocols, and proactive incident response planning to mitigate these evolving threats.