
A newly discovered cyber threat actor, likely linked to Chinese-speaking groups, has been targeting Taiwanese drone manufacturers in an espionage campaign that began in 2024. Cybersecurity firm Trend Micro identified the group, which it has named TIDRONE, and says it focuses on military-related industries.
The attackers’ initial access method remains unclear, but Trend Micro has identified custom malware, CXCLNT and CLNTEND, deployed via remote desktop tools like UltraVNC. A shared use of enterprise resource planning (ERP) software among victims suggests a potential supply chain attack.
The attack progresses through three stages, aiming to escalate privileges, bypass User Account Control (UAC), and disable antivirus software. The malware, launched through Microsoft Word, allows the attackers to extract sensitive information and maintain control over compromised systems.
Trend Micro researchers believe that the group’s operational patterns align with other Chinese espionage activities, indicating that TIDRONE is likely an as-yet unidentified Chinese-speaking entity. The investigation into this threat is ongoing.