---
title: "Phishing attack on 23rd US-Taiwan Defense Conference averted! | DuoCircle"
description: "Phishing attack on 23rd US-Taiwan Defense Conference averted!"
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/phishing-protection/phishing-attack-on-23rd-us-taiwan-defense-conference-averted/"
---

Quick Answer

Threat actors, suspected to be Chinese state-aligned, attempted to compromise the 23rd US-Taiwan Defense Conference by sending the US-Taiwan Business Council a malicious registration form. The attacker posed as a potential attendee and attached a PDF paired with a ZIP containing an LNK file. Opening the LNK would have executed in-memory information-stealing malware designed to evade conventional antivirus, with persistence via the Windows Startup folder. Staff flagged the file as suspicious, confirmed it through official channels, and deleted it without execution. The Council attributes the success to two decades of spear-phishing experience, ongoing cybereducation, text-only email enforcement, daily and weekend offline windows, and air-gapped internal IT systems. Similar attacks targeted the Council heavily between 2003 and 2011 and again in 2016 and 2017.

Phishing attack on 23rd US-Taiwan Defense Conference averted!

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2024/09/Phishing-attack-on-23rd-US-Taiwan-Defense-Conference-averted-1.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fphishing-protection%2Fphishing-attack-on-23rd-us-taiwan-defense-conference-averted%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Phishing%20attack%20on%2023rd%20US-Taiwan%20Defense%20Conference%20averted!&url=undefined%2Fblog%2Fphishing-protection%2Fphishing-attack-on-23rd-us-taiwan-defense-conference-averted%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fphishing-protection%2Fphishing-attack-on-23rd-us-taiwan-defense-conference-averted%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fphishing-protection%2Fphishing-attack-on-23rd-us-taiwan-defense-conference-averted%2F&title=Phishing%20attack%20on%2023rd%20US-Taiwan%20Defense%20Conference%20averted! "Share on Reddit") [ ](mailto:?subject=Phishing%20attack%20on%2023rd%20US-Taiwan%20Defense%20Conference%20averted!&body=Check out this article: undefined%2Fblog%2Fphishing-protection%2Fphishing-attack-on-23rd-us-taiwan-defense-conference-averted%2F "Share via Email") 

![Phishing attack](https://media.mailhop.org/duocircle/images/2024/09/phishing-protection-6126.jpg) 

In a recent turn of events, threat actors have been trying to target a [US-Taiwanese defense conference](https://www.darkreading.com/cyberattacks-data-breaches/espionage-attack-us-taiwan-defense-conference). The meeting is going to be held in Philadelphia’s Logan Square neighborhood. Press entry will not be allowed in the meeting. Eminent speakers from different sectors, such as commerce, defense, academia, and government, will be attending the **23rd defense conference**. The agenda of the meeting is to discuss the ‘future of US defense cooperation with Taiwan, the defense procurement process, and Taiwan’s defense and national security needs.’

_Shockingly enough, the event organizer, the US-Taiwan Business Council, received a malicious registration form_. Along with it came [information-stealing malware](https://thehackernews.com/2024/07/indian-software-firms-products-hacked.ht). The malware is designed in a way that its execution happens in memory, thereby avoiding detection by **conventional antivirus software**. However, the [cybersecurity](/) preparations were upto the mark. As a result, authorities could easily detect the attack.

[![phishing attack](https://media.mailhop.org/duocircle/images/2024/09/anti-phishing-software-6832.jpg)](https://media.mailhop.org/duocircle/images/2024/09/anti-phishing-software-6832.jpg)

## History repeats itself!

_A similar attack was planned on Taiwan’s defense industry 8 years ago_. Some of the attendees of the 15th US-Taiwan Defense Industry Conference and the members of the **Taiwan defense industry** received a Chinese [phishing email](https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/).

The Vice President of the [US-Taiwan Business Council](https://en.wikipedia.org/wiki/US%E2%80%93Taiwan%5FBusiness%5FCouncil) said that threat actors attacked them left, right, and center between **2003 and 2011**. The situation worsened in 2016 and 2017\. However, there has not been much activity since then.

This year, the attack is believed to have targeted the Council rather than the attendees. The [threat actor](/email-security/threat-actors-attack-thousands-of-computers-following-the-ion-incident/) pretended to be a potential attendee and sent out the email. The attacker sent out an already filled-out copy of the conference registration form in PDF format. The document was paired with a ZIP file whose ultimate goal was to download malware. If anyone had opened this LNK file, the **Windows Startup folder** would have been impacted.

_Experts have not yet figured out any specific threat actor behind this attack_. However, they believe that Chinese entities are often involved in **similar anti-Taiwan activities**. They are blaming East Asian geopolitics for this allegedly [state-sponsored attack](https://www.infosecurity-magazine.com/news/stateespionage-campaign-cisco/) on the US-Taiwan Defense Conference.

Authorities were quick enough to take action, as their 20 years of experience being attacked by [spear-phishing](/content/phishing-prevention/spear-phishing-examples) emails came in handy. As a result, no one opened the LNK file, flagged it as suspicious, and eventually deleted it after **official confirmation**.

[![ spear-phishing emails](https://media.mailhop.org/duocircle/images/2024/09/Office-365-migration.jpg)](https://media.mailhop.org/duocircle/images/2024/09/Office-365-migration.jpg)

When asked about their level of preparedness, the Council said that [cybereducation](https://cyber-ed.org/the-importance-of-cyber-education-in-todays-digital-world/the-ultimate-guide-to-educating-employees-on-cyber-security/the-importance-of-cybersecurity-education-for-small-business-employees/understanding-cyber-education-definition-and-importance/) had played a great role in keeping such phishing attempts at bay. Their entire staff is well aware of such attacks, and they are trained not to click on [malicious links](https://www.computerweekly.com/news/366544395/Malicious-URL-volumes-soar-as-cyber-criminals-pull-on-Threads) or open documents that appear suspicious. Also, a thorough scanning is done before opening the emails. _Restricting the emails to a text-only structure and taking the system offline daily at night and on weekends have helped the Council to avert cyberattacks_. They have also been air-gapping the **computers and internal IT systems**.

**Years of experience**, elaborate preparations, and a proactive nature have helped the Council to prevent this major attack on the high-profile US-Taiwan Defense Conference.

## Topics

cyber securityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Phishing 11m  AI-Generated Phishing Has Eliminated the Typo: Why Traditional Email Filters Are No Longer Enough  Apr 28, 2026 ](/blog/ai-generated-phishing-eliminates-typos-making-traditional-email-filters-ineffective/)[  Phishing 5m  10 Applications of ChatGPT that Hackers Are Already Exploiting  May 3, 2023 ](/blog/phishing-protection/10-applications-of-chatgpt-that-hackers-are-already-exploiting/)[  Phishing 6m  A Guide to Checking the Legitimacy of a URL  Jan 5, 2024 ](/blog/phishing-protection/a-guide-to-checking-the-legitimacy-of-a-url/)[  Phishing 7m  A Summary of Forescout’s OT: ICEFALL Outlining 56 Vulnerabilities in Vendors Worldwide  Jul 5, 2022 ](/blog/phishing-protection/a-summary-of-forescouts-ot-icefall-outlining-56-vulnerabilities-in-vendors-worldwide/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing attack on 23rd US-Taiwan Defense Conference averted!","description":"Phishing attack on 23rd US-Taiwan Defense Conference averted!","url":"https://www.duocircle.com/blog/phishing-protection/phishing-attack-on-23rd-us-taiwan-defense-conference-averted/","datePublished":"2024-09-20T18:34:36.000Z","dateModified":"2025-08-26T18:30:57.000Z","dateCreated":"2024-09-20T18:34:36.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/phishing-attack-on-23rd-us-taiwan-defense-conference-averted/"},"articleSection":"phishing-protection","keywords":"cyber security, Updates","wordCount":506,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/09/phishing-protection-6126.jpg","caption":"Phishing attack","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Phishing"},{"@type":"ListItem","position":3,"name":"Phishing attack on 23rd US-Taiwan Defense Conference averted!","item":"https://www.duocircle.com/blog/phishing-protection/phishing-attack-on-23rd-us-taiwan-defense-conference-averted/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Phishing","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Phishing attack on 23rd US-Taiwan Defense Conference averted!","item":"https://www.duocircle.com/blog/phishing-protection/phishing-attack-on-23rd-us-taiwan-defense-conference-averted/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing attack on 23rd US-Taiwan Defense Conference averted!","description":"Phishing attack on 23rd US-Taiwan Defense Conference averted!","url":"https://www.duocircle.com/blog/phishing-protection/phishing-attack-on-23rd-us-taiwan-defense-conference-averted/","datePublished":"2024-09-20T18:34:36.000Z","dateModified":"2025-08-26T18:30:57.000Z","dateCreated":"2024-09-20T18:34:36.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/phishing-attack-on-23rd-us-taiwan-defense-conference-averted/"},"articleSection":"phishing-protection","keywords":"cyber security, Updates","wordCount":506,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/09/phishing-protection-6126.jpg","caption":"Phishing attack","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```