China’s cyberarmy has long engaged in cyberattacks against Taiwan’s critical infrastructure, employing diverse and evolving tactics, the National Security Bureau (NSB) said yesterday, adding that cyberattacks on critical energy infrastructure last year increased 10-fold compared with the previous year.
The NSB yesterday released a report titled Analysis on China’s Cyber Threats to Taiwan’s Critical Infrastructure in 2025, outlining the number of cyberattacks, major tactics and hacker groups.
Taiwan’s national intelligence community identified a large number of cybersecurity incidents last year, the bureau said in a statement.
Photo: Reuters
China’s cyberarmy last year launched an average of 2.63 million intrusion attempts per day targeting Taiwan’s critical infrastructure — a 6 percent increase compared with 2024, it said.
Taiwan saw an average of 2.46 million intrusion attempts per day in 2024, up from 1.23 million in 2023, the report showed.
The intrusion attempts spanned across nine primary sectors: administration and agencies; energy, communications and transmission; transportation; emergency rescue and hospitals; water resources; finance; science parks; industrial parks; and food, it said.
Photo courtesy of the National Security Bureau
According to the report, the most significant increases in cyberattacks occurred in the energy sector at 1,000 percent greater than 2024 levels, while the emergency rescue and hospitals sector saw a 54 percent increase.
The report also outlined four major tactics employed by China’s cyberarmy, namely hardware and software vulnerability exploitation, distributed denial-of-service (DDoS), social engineering, and supply chain attacks.
First, attacks exploiting hardware and software vulnerabilities accounted for 57 percent of China’s hacking operations, underscoring China’s growing efforts to bolster the operational capacity of vulnerability weaponization, the bureau said.
Photo courtesy of the National Security Bureau
It has leveraged the software and hardware vulnerabilities of information and communications technology (ICT) equipment manufactured by international suppliers or those involved in government procurement joint supply contracts, the report said.
Chinese hackers targeted ICT equipment with unpatched vulnerabilities to circumvent identity verification and gain administrative access to steal classified data, it added.
Second, regarding DDoS attacks, which accounted for 21 percent, China’s cyberarmy uses a large number of botnets to send high-frequency connection requests simultaneously to try to compromise the operations of external networks in Taiwan’s critical infrastructure, the bureau said.
This approach intends to delay or paralyze Taiwan’s critical infrastructure’s services, and therefore impact Taiwanese’s daily lives, it added.
Third, for social engineering attacks, which accounted for 18 percent, China’s cyberarmy poses as business contacts of its targets and sending phishing e-mails to deceive specific targets to click on malicious links and open malicious attached files, the bureau said.
Chinese hackers might also employ the ClickFix technique to fabricate error messages or update requirements, it added.
These techniques aim to trick the targets into activating malware that would give the attacker elevated system permissions, it said.
Fourth, for supply chain attacks, which accounted for 4 percent, China’s cyberarmy tries to infiltrate the networks of suppliers of Taiwan’s critical infrastructure as well as their cooperative enterprises, the bureau said.
By conducting identity-theft to cover illegal activities, Chinese hackers would seize those targets’ shared systems, system upgrades and equipment maintenance to implant and spread malware among Taiwan’s critical infrastructure, it said.
The report also outlined the top five Chinese hacker groups, namely BlackTech (黑科技), Flax Typhoon (亞麻颱風), Mustang Panda (野馬熊貓), APT41, and UNC3886.
The hacker groups launched cyberattacks against Taiwan’s critical infrastructure focusing on five primary sectors, including energy, healthcare, communications and transmission, administration and agencies, as well as technology, the bureau said.
The hacking methods included intensive probing of network equipment and industrial control systems of Taiwan’s energy companies and implantation of malware, it said.
The threat actors also employed ransomware to compromise the operations of major hospitals and sold data stolen from medical institutions on dark Web forums, it said, adding that at least 20 cases were identified last year.
Cybersecurity agencies and intelligence services across the Indo-Pacific region, NATO and the EU repeatedly identified China as a primary source of global cybersecurity threats, the bureau said.
China has fully integrated military, intelligence, industrial and technological capabilities across public and private sectors to enhance the depth of intrusion and operational stealth of its external cyberattacks through a wide range of tactics and techniques, it said.
In response to China’s cyberthreats, the NSB pledged to continue to work with the national intelligence community and relevant government agencies through the established joint defense and reporting mechanisms on information security to report and address China’s cyberattacks as quickly as possible.
The NSB said it last year convened information security dialogues and technical conferences with more than 30 countries worldwide.
The bureau said it strives to obtain timely intelligence on attack patterns of China’s cyberarmy by cooperating closely with international friends and allies.
Through international cooperation networks on information security, the NSB conducts joint investigations into malicious relay nodes, thereby supporting government decisionmaking and response preparedness, in addition to further enhancing the overall resilience and capacity of Taiwan’s critical infrastructure protection, it said.
South Korea has adjusted its electronic arrival card system to no longer list Taiwan as a part of China, a move that the Ministry of Foreign Affairs said would help facilitate exchanges between the two sides. South Korea previously listed “Taiwan” as “Taiwan (China)” in the drop-down menus of its online arrival card system, where people had to fill out where they came from and their next destination. The ministry had requested South Korea make a revision and said it would change South Korea’s name on Taiwan’s online immigration system from “Republic of Korea” to “Korea (South),” should the issue not be
Tainan, Taipei and New Taipei City recorded the highest fines nationwide for illegal accommodations in the first quarter of this year, with fines issued in the three cities each exceeding NT$7 million (US$220,639), Tourism Administration data showed. Among them, Taipei had the highest number of illegal short-term rental units, with 410. There were 3,280 legally registered hotels nationwide in the first quarter, down by 14 properties, or 0.43 percent, from a year earlier, likely indicating operators exiting the market, the agency said. However, the number of unregistered properties rose to 1,174, including 314 illegal hotels and 860 illegal short-term rental
Both sides of the Taiwan Strait share a political foundation based on the “1992 consensus” and opposition to Taiwanese independence, Chinese Nationalist Party (KMT) Chairwoman Cheng Li-wun (鄭麗文) today said during her meeting with Chinese President Xi Jinping (習近平). Both sides of the Strait should plan and build institutionalized and sustainable mechanisms for dialogue and cooperation based on that foundation to make peaceful development across the Strait irreversible, she said. Peace is a shared moral value across the Strait, and both sides should move beyond political confrontation to seek institutionalized solutions to prevent war, she said. Mutually beneficial cross-strait relations are what the
ECONOMIC COERCION: Such actions are often inconsistently applied, sometimes resumed, and sometimes just halted, the Presidential Office spokeswoman said The government backs healthy and orderly cross-strait exchanges, but such arrangements should not be made with political conditions attached and never be used as leverage for political maneuvering or partisan agendas, Presidential Office spokeswoman Karen Kuo (郭雅慧) said yesterday. Kuo made the remarks after China earlier in the day announced 10 new “incentive measures” for Taiwan, following a landmark meeting between Chinese President Xi Jinping (習近平) and Chinese Nationalist Party (KMT) Chairwoman Cheng Li-wun (鄭麗文) in Beijing on Friday. The measures, unveiled by China’s Xinhua news agency, include plans to resume individual travel by residents of Shanghai and China’s Fujian
RSS