China’s cyberarmy has long engaged in cyberattacks against Taiwan’s critical infrastructure, employing diverse and evolving tactics, the National Security Bureau (NSB) said yesterday, adding that cyberattacks on critical energy infrastructure last year increased 10-fold compared with the previous year.
The NSB yesterday released a report titled Analysis on China’s Cyber Threats to Taiwan’s Critical Infrastructure in 2025, outlining the number of cyberattacks, major tactics and hacker groups.
Taiwan’s national intelligence community identified a large number of cybersecurity incidents last year, the bureau said in a statement.
Photo: Reuters
China’s cyberarmy last year launched an average of 2.63 million intrusion attempts per day targeting Taiwan’s critical infrastructure — a 6 percent increase compared with 2024, it said.
Taiwan saw an average of 2.46 million intrusion attempts per day in 2024, up from 1.23 million in 2023, the report showed.
The intrusion attempts spanned across nine primary sectors: administration and agencies; energy, communications and transmission; transportation; emergency rescue and hospitals; water resources; finance; science parks; industrial parks; and food, it said.
Photo courtesy of the National Security Bureau
According to the report, the most significant increases in cyberattacks occurred in the energy sector at 1,000 percent greater than 2024 levels, while the emergency rescue and hospitals sector saw a 54 percent increase.
The report also outlined four major tactics employed by China’s cyberarmy, namely hardware and software vulnerability exploitation, distributed denial-of-service (DDoS), social engineering, and supply chain attacks.
First, attacks exploiting hardware and software vulnerabilities accounted for 57 percent of China’s hacking operations, underscoring China’s growing efforts to bolster the operational capacity of vulnerability weaponization, the bureau said.
Photo courtesy of the National Security Bureau
It has leveraged the software and hardware vulnerabilities of information and communications technology (ICT) equipment manufactured by international suppliers or those involved in government procurement joint supply contracts, the report said.
Chinese hackers targeted ICT equipment with unpatched vulnerabilities to circumvent identity verification and gain administrative access to steal classified data, it added.
Second, regarding DDoS attacks, which accounted for 21 percent, China’s cyberarmy uses a large number of botnets to send high-frequency connection requests simultaneously to try to compromise the operations of external networks in Taiwan’s critical infrastructure, the bureau said.
This approach intends to delay or paralyze Taiwan’s critical infrastructure’s services, and therefore impact Taiwanese’s daily lives, it added.
Third, for social engineering attacks, which accounted for 18 percent, China’s cyberarmy poses as business contacts of its targets and sending phishing e-mails to deceive specific targets to click on malicious links and open malicious attached files, the bureau said.
Chinese hackers might also employ the ClickFix technique to fabricate error messages or update requirements, it added.
These techniques aim to trick the targets into activating malware that would give the attacker elevated system permissions, it said.
Fourth, for supply chain attacks, which accounted for 4 percent, China’s cyberarmy tries to infiltrate the networks of suppliers of Taiwan’s critical infrastructure as well as their cooperative enterprises, the bureau said.
By conducting identity-theft to cover illegal activities, Chinese hackers would seize those targets’ shared systems, system upgrades and equipment maintenance to implant and spread malware among Taiwan’s critical infrastructure, it said.
The report also outlined the top five Chinese hacker groups, namely BlackTech (黑科技), Flax Typhoon (亞麻颱風), Mustang Panda (野馬熊貓), APT41, and UNC3886.
The hacker groups launched cyberattacks against Taiwan’s critical infrastructure focusing on five primary sectors, including energy, healthcare, communications and transmission, administration and agencies, as well as technology, the bureau said.
The hacking methods included intensive probing of network equipment and industrial control systems of Taiwan’s energy companies and implantation of malware, it said.
The threat actors also employed ransomware to compromise the operations of major hospitals and sold data stolen from medical institutions on dark Web forums, it said, adding that at least 20 cases were identified last year.
Cybersecurity agencies and intelligence services across the Indo-Pacific region, NATO and the EU repeatedly identified China as a primary source of global cybersecurity threats, the bureau said.
China has fully integrated military, intelligence, industrial and technological capabilities across public and private sectors to enhance the depth of intrusion and operational stealth of its external cyberattacks through a wide range of tactics and techniques, it said.
In response to China’s cyberthreats, the NSB pledged to continue to work with the national intelligence community and relevant government agencies through the established joint defense and reporting mechanisms on information security to report and address China’s cyberattacks as quickly as possible.
The NSB said it last year convened information security dialogues and technical conferences with more than 30 countries worldwide.
The bureau said it strives to obtain timely intelligence on attack patterns of China’s cyberarmy by cooperating closely with international friends and allies.
Through international cooperation networks on information security, the NSB conducts joint investigations into malicious relay nodes, thereby supporting government decisionmaking and response preparedness, in addition to further enhancing the overall resilience and capacity of Taiwan’s critical infrastructure protection, it said.
The Central Election Commission has amended election and recall regulations to require elected office candidates to provide proof that they have no Chinese citizenship, a Cabinet report said. The commission on Oct. 29 last year revised the Measures for the Permission of Family-based Residence, Long-term Residence and Settlement of People from the Mainland Area in the Taiwan Area (大陸地區人民在台灣地區依親居留長期居留或定居許可辦法), the Executive Yuan said in a report it submitted to the legislature for review. The revision requires Chinese citizens applying for permanent residency to submit notarial documents showing that they have lost their Chinese household record and have renounced — or have never
A magnitude 5.6 earthquake struck off the coast of Yilan County at 12:37pm today, with clear shaking felt across much of northern Taiwan. There were no immediate reports of damage. The epicenter of the quake was 16.9km east-southeast of Yilan County Hall offshore at a depth of 66.8km, Central Weather Administration (CWA) data showed. The maximum intensity registered at a 4 in Yilan County’s Nanao Township (南澳) on Taiwan’s seven-tier scale. Other parts of Yilan, as well as certain areas of Hualien County, Taipei, New Taipei City, Taoyuan, Hsinchu County, Taichung and Miaoli County, recorded intensities of 3. Residents of Yilan County and Taipei received
Taiwan has secured another breakthrough in fruit exports, with jujubes, dragon fruit and lychees approved for shipment to the EU, the Ministry of Agriculture said yesterday. The Animal and Plant Health Inspection Agency on Thursday received formal notification of the approval from the EU, the ministry said, adding that the decision was expected to expand Taiwanese fruit producers’ access to high-end European markets. Taiwan exported 126 tonnes of lychees last year, valued at US$1.48 million, with Japan accounting for 102 tonnes. Other export destinations included New Zealand, Hong Kong, the US and Australia, ministry data showed. Jujube exports totaled 103 tonnes, valued at
BIG SPENDERS: Foreign investors bought the most Taiwan equities since 2005, signaling confidence that an AI boom would continue to benefit chipmakers Taiwan Semiconductor Manufacturing Co’s (TSMC, 台積電) market capitalization swelled to US$2 trillion for the first time following a 4.25 percent rally in its American depositary receipts (ADR) overnight, putting the world’s biggest contract chipmaker sixth on the list of the world’s biggest companies by market capitalization, just behind Amazon.com Inc. The site CompaniesMarketcap.com ranked TSMC ahead of Saudi Aramco and Meta Platforms Inc. The Taiwanese company’s ADRs on Tuesday surged to US$385.75 on the New York Stock Exchange, as strong demand for artificial intelligence (AI) applications led to chip supply constraints and boost revenue growth to record-breaking levels. Each TSMC ADR represents
RSS