Organizations targeted by UAT-10362 face potential theft of sensitive internal communications, research data, donor information, and strategic planning documents — all exfiltrated through channels that look like normal Google traffic. For universities and NGOs, this means exposure of confidential research, source protection risks for journalists or activists, and reputational damage if breaches become public. Civil society organizations operating under limited IT budgets are particularly exposed because the malware's modular design and use of trusted infrastructure make it difficult to detect without advanced endpoint and network monitoring.
You Are Affected If
Your organization is a Taiwanese NGO, university, civil society group, or affiliated institution — UAT-10362 has demonstrated persistent, targeted interest in this sector
Your endpoints run Microsoft Edge and DLL search order controls (e.g., CWB SafeDllSearchMode, application manifests) are not enforced
Your network egress policy allows endpoints to initiate outbound connections to Gmail SMTP or GMTP endpoints without process-level inspection
Your email gateway does not block or quarantine messages impersonating security vendor brands (Trend Micro Worry-Free Business Security Services specifically)
Your environment lacks EDR telemetry capable of flagging DLL sideloading from user-writable paths or dynamic Lua execution artifacts
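The two hunts implied by the conditions above (Microsoft Edge DLL sideloading from user-writable paths, and Gmail SMTP connections from non-mail processes), as an added example that is not part of the original advisory. Field names follow Sysmon Event ID 7 (image load) and Event ID 3 (network connection); the path prefixes, mail-client allowlist and sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed prefixes treated as user-writable; tune to your build.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# Assumed allowlist of processes expected to speak SMTP to Gmail.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
GMAIL_SMTP_HOSTS = {"smtp.gmail.com"}
SMTP_PORTS = {25, 465, 587}


def user_writable(path):
    return path.lower().startswith(USER_WRITABLE)


def hunt(events):
    """Return (reason, event) pairs for events matching either hunt."""
    hits = []
    for ev in events:
        image = ev.get("Image", "")
        proc = ntpath.basename(image).lower()
        if ev.get("EventID") == 7 and proc == "msedge.exe":
            # Edge itself, or a module it loads, sits where users can write.
            if user_writable(image) or user_writable(ev.get("ImageLoaded", "")):
                hits.append(("edge_sideload", ev))
        elif ev.get("EventID") == 3:
            if (ev.get("DestinationHostname", "").lower() in GMAIL_SMTP_HOSTS
                    and ev.get("DestinationPort") in SMTP_PORTS
                    and proc not in MAIL_CLIENTS):
                hits.append(("gmail_smtp_non_mail", ev))
    return hits


# Constructed sample events (Sysmon-style field names); not campaign data.
SAMPLE = [
    {"EventID": 7, "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "ImageLoaded": r"C:\Program Files (x86)\Microsoft\Edge\Application\120.0.0.0\msedge.dll"},
    {"EventID": 7, "Image": r"C:\Users\alice\AppData\Local\Temp\pkg\msedge.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\pkg\example.dll"},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Local\Temp\pkg\msedge.exe",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 465},
]

if __name__ == "__main__":
    for reason, ev in hunt(SAMPLE):
        print(reason, ev["Image"])
```

Per-user browser installs under the profile directory would also match the first hunt, so baseline those paths before alerting on it.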
Board Talking Points
A sophisticated threat group is conducting targeted attacks against Taiwanese civil society organizations, using malware specifically designed to evade standard security controls and exfiltrate data through trusted Google channels.
Security teams should immediately review outbound traffic policies for Gmail-bound connections from non-mail systems and deploy hunting rules for DLL sideloading via Microsoft Edge within the next 5 business days.
Without action, this threat actor can maintain persistent, covert access to sensitive organizational data — including communications, research, and donor records — with limited likelihood of detection through conventional monitoring.
PDPA (Taiwan) — campaign directly targets Taiwanese organizations and involves exfiltration of personal data held by NGOs and universities, which may be subject to Taiwan's Personal Data Protection Act