With the Taiwan presidential election underway, cyber attacks by Chinese hacker groups against Taiwan have become more frequent. Recently, we investigated a supply chain attack targeting Taiwan, which focused on a widely used document tool in Taiwan that is not only prevalent in government agencies but also heavily utilized in government, legal and academic institutions, potentially affecting over 500,000 victims. In this attack, we also discovered traces of malware from many Chinese threat group. The attackers compromised update servers to deliver malware to victim endpoints and remained undetected for several years.

From this attack, we also reviewed the past decade, from Operation GG to recent supply chain attacks targeting financial institutions. We conducted in-depth analysis on various supply chain attack techniques from both software development processes and supply chain service processes, including supply chain software vulnerabilities, implanting malware into normal programs, island hopping attacks, and out-sourcer leakage. We analyzed the causes of supply chain incidents and defense mechanisms. Additionally, we will introduce how we have utilized AI in the past few years to assist analysts in conducting incident investigations.