Operation WordDrone: Taiwan’s drone makers hit by sophisticated cyberattack

A disturbing new cyber campaign uncovered by Acronis, dubbed Operation WordDrone, has been targeting Taiwan’s rapidly growing drone industry. Hackers have leveraged an ancient vulnerability in Microsoft Word 2010, using it to launch a complex and persistent malware attack on drone manufacturers.

This sophisticated attack utilized a dynamic-link library (DLL) side-loading technique, exploiting Word to load malicious code. Once inside, the attackers installed a backdoor, allowing them to steal credentials, move laterally across networks, and execute remote commands. The malware, hidden behind a legitimate Word 2010 installation, was able to evade traditional antivirus software, making detection difficult.

What makes this attack particularly alarming is its clear focus on Taiwan's booming drone sector. Since the government heavily invested in drone manufacturing in 2022, with a focus on military-grade UAVs, Taiwan has become a key target for cyber espionage. The Command-and-Control infrastructure for the malware was traced back to Taiwanese servers, signaling a direct attack on the nation's defense and technology capabilities.

Operation WordDrone is a chilling reminder that even outdated software can be weaponized in cutting-edge cyberattacks. With Taiwan’s drone industry growing and its geopolitical significance rising, businesses need to bolster their defenses against increasingly advanced threats.