China’s cyberarmy has long engaged in cyberattacks against Taiwan’s critical infrastructure, employing diverse and evolving tactics, the National Security Bureau (NSB) said yesterday, adding that cyberattacks on critical energy infrastructure last year increased 10-fold compared with the previous year.
The NSB yesterday released a report titled Analysis on China’s Cyber Threats to Taiwan’s Critical Infrastructure in 2025, outlining the number of cyberattacks, major tactics and hacker groups.
Taiwan’s national intelligence community identified a large number of cybersecurity incidents last year, the bureau said in a statement.
Photo: Reuters
China’s cyberarmy last year launched an average of 2.63 million intrusion attempts per day targeting Taiwan’s critical infrastructure — a 6 percent increase compared with 2024, it said.
Taiwan saw an average of 2.46 million intrusion attempts per day in 2024, up from 1.23 million in 2023, the report showed.
The intrusion attempts spanned across nine primary sectors: administration and agencies; energy, communications and transmission; transportation; emergency rescue and hospitals; water resources; finance; science parks; industrial parks; and food, it said.
Photo courtesy of the National Security Bureau
According to the report, the most significant increases in cyberattacks occurred in the energy sector at 1,000 percent greater than 2024 levels, while the emergency rescue and hospitals sector saw a 54 percent increase.
The report also outlined four major tactics employed by China’s cyberarmy, namely hardware and software vulnerability exploitation, distributed denial-of-service (DDoS), social engineering, and supply chain attacks.
First, attacks exploiting hardware and software vulnerabilities accounted for 57 percent of China’s hacking operations, underscoring China’s growing efforts to bolster the operational capacity of vulnerability weaponization, the bureau said.
Photo courtesy of the National Security Bureau
It has leveraged the software and hardware vulnerabilities of information and communications technology (ICT) equipment manufactured by international suppliers or those involved in government procurement joint supply contracts, the report said.
Chinese hackers targeted ICT equipment with unpatched vulnerabilities to circumvent identity verification and gain administrative access to steal classified data, it added.
Second, regarding DDoS attacks, which accounted for 21 percent, China’s cyberarmy uses a large number of botnets to send high-frequency connection requests simultaneously to try to compromise the operations of external networks in Taiwan’s critical infrastructure, the bureau said.
This approach intends to delay or paralyze Taiwan’s critical infrastructure’s services, and therefore impact Taiwanese’s daily lives, it added.
Third, for social engineering attacks, which accounted for 18 percent, China’s cyberarmy poses as business contacts of its targets and sending phishing e-mails to deceive specific targets to click on malicious links and open malicious attached files, the bureau said.
Chinese hackers might also employ the ClickFix technique to fabricate error messages or update requirements, it added.
These techniques aim to trick the targets into activating malware that would give the attacker elevated system permissions, it said.
Fourth, for supply chain attacks, which accounted for 4 percent, China’s cyberarmy tries to infiltrate the networks of suppliers of Taiwan’s critical infrastructure as well as their cooperative enterprises, the bureau said.
By conducting identity-theft to cover illegal activities, Chinese hackers would seize those targets’ shared systems, system upgrades and equipment maintenance to implant and spread malware among Taiwan’s critical infrastructure, it said.
The report also outlined the top five Chinese hacker groups, namely BlackTech (黑科技), Flax Typhoon (亞麻颱風), Mustang Panda (野馬熊貓), APT41, and UNC3886.
The hacker groups launched cyberattacks against Taiwan’s critical infrastructure focusing on five primary sectors, including energy, healthcare, communications and transmission, administration and agencies, as well as technology, the bureau said.
The hacking methods included intensive probing of network equipment and industrial control systems of Taiwan’s energy companies and implantation of malware, it said.
The threat actors also employed ransomware to compromise the operations of major hospitals and sold data stolen from medical institutions on dark Web forums, it said, adding that at least 20 cases were identified last year.
Cybersecurity agencies and intelligence services across the Indo-Pacific region, NATO and the EU repeatedly identified China as a primary source of global cybersecurity threats, the bureau said.
China has fully integrated military, intelligence, industrial and technological capabilities across public and private sectors to enhance the depth of intrusion and operational stealth of its external cyberattacks through a wide range of tactics and techniques, it said.
In response to China’s cyberthreats, the NSB pledged to continue to work with the national intelligence community and relevant government agencies through the established joint defense and reporting mechanisms on information security to report and address China’s cyberattacks as quickly as possible.
The NSB said it last year convened information security dialogues and technical conferences with more than 30 countries worldwide.
The bureau said it strives to obtain timely intelligence on attack patterns of China’s cyberarmy by cooperating closely with international friends and allies.
Through international cooperation networks on information security, the NSB conducts joint investigations into malicious relay nodes, thereby supporting government decisionmaking and response preparedness, in addition to further enhancing the overall resilience and capacity of Taiwan’s critical infrastructure protection, it said.
NATIONAL SECURITY THREAT: An official said that Guan Guan’s comments had gone beyond the threshold of free speech, as she advocated for the destruction of the ROC China-born media influencer Guan Guan’s (關關) residency permit has been revoked for repeatedly posting pro-China content that threatens national security, the National Immigration Agency said yesterday. Guan Guan has said many controversial things in her videos posted to Douyin (抖音), including “the red flag will soon be painted all over Taiwan” and “Taiwan is an inseparable part of China,” while expressing hope for expedited “reunification.” The agency received multiple reports alleging that Guan Guan had advocated for armed reunification last year. After investigating, the agency last month issued a notice requiring her to appear and account for her actions. Guan Guan appeared as required,
A Vietnamese migrant worker yesterday won NT$12 million (US$379,627) on a Lunar New Year scratch card in Kaohsiung as part of Taiwan Lottery Co’s (台灣彩券) “NT$12 Million Grand Fortune” (1200萬大吉利) game. The man was the first top-prize winner of the new game launched on Jan. 6 to mark the Lunar New Year. Three Vietnamese migrant workers visited a Taiwan Lottery shop on Xinyue Street in Kaohsiung’s Gangshan District (崗山), a store representative said. The player bought multiple tickets and, after winning nothing, held the final lottery ticket in one hand and rubbed the store’s statue of the Maitreya Buddha’s belly with the other,
‘NATO-PLUS’: ‘Our strategic partners in the Indo-Pacific are facing increasing aggression by the Chinese Communist Party,’ US Representative Rob Wittman said The US House of Representatives on Monday released its version of the Consolidated Appropriations Act, which includes US$1.15 billion to support security cooperation with Taiwan. The omnibus act, covering US$1.2 trillion of spending, allocates US$1 billion for the Taiwan Security Cooperation Initiative, as well as US$150 million for the replacement of defense articles and reimbursement of defense services provided to Taiwan. The fund allocations were based on the US National Defense Authorization Act for fiscal 2026 that was passed by the US Congress last month and authorized up to US$1 billion to the US Defense Security Cooperation Agency in support of the
CLASSIFIED BRIEFING: The ministry said the special budget focuses on building a comprehensive defense system and strengthening the domestic defense industry The Ministry of National Defense yesterday released information on seven categories of weapons systems to be procured under a stalled NT$1.25 trillion (US$39.57 billion) special defense budget, including precision artillery, long-range missiles, air defense anti-tank missiles and more than 200,000 uncrewed aerial vehicles (UAVs). The Executive Yuan approved a draft version of the budget on Nov. 27 last year and submitted it to the legislature for review. The legislature’s Foreign Affairs and National Defense Committee yesterday invited Minister of National Defense Wellington Koo (顧立雄) to deliver a classified briefing and answer questions at a closed-door session. Koo said he hoped to provide lawmakers
RSS