Taiwanese Citizens Arrested for Purchase of Data Stolen by China-Based Hacking Group
TAIPEI, Taiwan—Local investigators recently announced the arrest of two Taiwanese citizens for allegedly purchasing personal data stolen by a China-based hacking group known as “CrazyHunter,” which began targeting institutions in Taiwan earlier this year.
The bureau said three raids were conducted between May and August, during which two Taiwanese nationals, identified only by their surnames, Liu and Cheng, were arrested.
Liu fled Taiwan after the investigation into the hack began but was arrested when he attempted to re-enter Taiwan, according to the bureau.
Investigators found tens of thousands of stolen personal data records on the computers seized from Liu and Cheng, along with evidence of completed transactions with CrazyHunter.
The bureau said Liu and Cheng had each been released on NT$30,000 (about $980) bail and barred from leaving Taiwan. Their cases have been handed over to the Taipei District Prosecutors Office for continued investigation into alleged offenses, including improper use of a computer, extortion, and violations of the Personal Data Protection Act.
Liu and Cheng, and a China-based individual identified only by his surname Zhao, who also allegedly purchased stolen information from CrazyHunter, were characterized by the bureau as members of data trafficking rings.
The earliest victims hit by the ransomware attack were the MacKay Memorial Hospital and Changhua Christian Hospital.
MacKay Memorial included some details of the attack in a sustainability report published in August. According to the report, the attack by CrazyHunter affected over 600 hospital computers, and some staff were unable to access the patient record system during the early stages of the incident.
In March, Taiwan’s Ministry of Health and Welfare announced a new guideline on how hospitals should respond in the event of a ransomware attack.
In April, the bureau held a press conference to announce that the hacker behind the CrazyHunter attack was a male Chinese national surnamed Luo, located in Zhejiang Province on China’s eastern coast. The bureau explained that Luo was identified through an analysis of the hacking methods, source IP addresses, and the malicious programs used in the attack.
During the press conference, the bureau also announced that the Taipei District Prosecutors Office had issued a wanted notice for Luo.
Luo allegedly attempted to sell the stolen information on a discussion forum and also disclosed the hack’s targets and the ransom amount, the bureau added.
The bureau identified another hacker in the Aug. 28 statement, a China-based individual surnamed Xu.
“In the face of frequent international hacker attacks, the public and private sectors should collaborate closely. In addition to strengthening education and training for personnel, it is essential to quickly establish or join a joint cybersecurity defense network to receive domestic and cross-sector intelligence, in order to detect and prevent cybersecurity threats as early as possible,” the bureau stated, according to a translation of the original text.


