China’s cyberarmy has long engaged in cyberattacks against Taiwan’s critical infrastructure, employing diverse and evolving tactics, the National Security Bureau (NSB) said yesterday, adding that cyberattacks on critical energy infrastructure last year increased 10-fold compared with the previous year.
The NSB yesterday released a report titled Analysis on China’s Cyber Threats to Taiwan’s Critical Infrastructure in 2025, outlining the number of cyberattacks, major tactics and hacker groups.
Taiwan’s national intelligence community identified a large number of cybersecurity incidents last year, the bureau said in a statement.
Photo: Reuters
China’s cyberarmy last year launched an average of 2.63 million intrusion attempts per day targeting Taiwan’s critical infrastructure — a 6 percent increase compared with 2024, it said.
Taiwan saw an average of 2.46 million intrusion attempts per day in 2024, up from 1.23 million in 2023, the report showed.
The intrusion attempts spanned across nine primary sectors: administration and agencies; energy, communications and transmission; transportation; emergency rescue and hospitals; water resources; finance; science parks; industrial parks; and food, it said.
Photo courtesy of the National Security Bureau
According to the report, the most significant increases in cyberattacks occurred in the energy sector at 1,000 percent greater than 2024 levels, while the emergency rescue and hospitals sector saw a 54 percent increase.
The report also outlined four major tactics employed by China’s cyberarmy, namely hardware and software vulnerability exploitation, distributed denial-of-service (DDoS), social engineering, and supply chain attacks.
First, attacks exploiting hardware and software vulnerabilities accounted for 57 percent of China’s hacking operations, underscoring China’s growing efforts to bolster the operational capacity of vulnerability weaponization, the bureau said.
Photo courtesy of the National Security Bureau
It has leveraged the software and hardware vulnerabilities of information and communications technology (ICT) equipment manufactured by international suppliers or those involved in government procurement joint supply contracts, the report said.
Chinese hackers targeted ICT equipment with unpatched vulnerabilities to circumvent identity verification and gain administrative access to steal classified data, it added.
Second, regarding DDoS attacks, which accounted for 21 percent, China’s cyberarmy uses a large number of botnets to send high-frequency connection requests simultaneously to try to compromise the operations of external networks in Taiwan’s critical infrastructure, the bureau said.
This approach intends to delay or paralyze Taiwan’s critical infrastructure’s services, and therefore impact Taiwanese’s daily lives, it added.
Third, for social engineering attacks, which accounted for 18 percent, China’s cyberarmy poses as business contacts of its targets and sending phishing e-mails to deceive specific targets to click on malicious links and open malicious attached files, the bureau said.
Chinese hackers might also employ the ClickFix technique to fabricate error messages or update requirements, it added.
These techniques aim to trick the targets into activating malware that would give the attacker elevated system permissions, it said.
Fourth, for supply chain attacks, which accounted for 4 percent, China’s cyberarmy tries to infiltrate the networks of suppliers of Taiwan’s critical infrastructure as well as their cooperative enterprises, the bureau said.
By conducting identity-theft to cover illegal activities, Chinese hackers would seize those targets’ shared systems, system upgrades and equipment maintenance to implant and spread malware among Taiwan’s critical infrastructure, it said.
The report also outlined the top five Chinese hacker groups, namely BlackTech (黑科技), Flax Typhoon (亞麻颱風), Mustang Panda (野馬熊貓), APT41, and UNC3886.
The hacker groups launched cyberattacks against Taiwan’s critical infrastructure focusing on five primary sectors, including energy, healthcare, communications and transmission, administration and agencies, as well as technology, the bureau said.
The hacking methods included intensive probing of network equipment and industrial control systems of Taiwan’s energy companies and implantation of malware, it said.
The threat actors also employed ransomware to compromise the operations of major hospitals and sold data stolen from medical institutions on dark Web forums, it said, adding that at least 20 cases were identified last year.
Cybersecurity agencies and intelligence services across the Indo-Pacific region, NATO and the EU repeatedly identified China as a primary source of global cybersecurity threats, the bureau said.
China has fully integrated military, intelligence, industrial and technological capabilities across public and private sectors to enhance the depth of intrusion and operational stealth of its external cyberattacks through a wide range of tactics and techniques, it said.
In response to China’s cyberthreats, the NSB pledged to continue to work with the national intelligence community and relevant government agencies through the established joint defense and reporting mechanisms on information security to report and address China’s cyberattacks as quickly as possible.
The NSB said it last year convened information security dialogues and technical conferences with more than 30 countries worldwide.
The bureau said it strives to obtain timely intelligence on attack patterns of China’s cyberarmy by cooperating closely with international friends and allies.
Through international cooperation networks on information security, the NSB conducts joint investigations into malicious relay nodes, thereby supporting government decisionmaking and response preparedness, in addition to further enhancing the overall resilience and capacity of Taiwan’s critical infrastructure protection, it said.
A signaling system malfunction disrupted high-speed rail (HSR) services beginning at 8am today, with trains temporarily reduced to three northbound and three southbound trains per hour as authorities conduct inspections. The malfunction occurred on a section of track in Miaoli County during pre-operation checks early this morning, forcing northbound and southbound trains to use a single track, the HSR operator said. The regular schedule has been replaced with three hourly trains offering only nonreserved seating in each direction, stopping at every station, it said, adding that business class cars would still have reserved seating. Departures from terminal stations are scheduled at the top
DRONE CENTRAL: Taiwan aims to become Asia’s democratic hub for drones, with most exports focused on high-quality military-grade models, an official said Taiwan’s drone industry is expected to expand significantly by 2030, producing 100,000 units per month and exporting half of them, the Ministry of Economic Affairs said yesterday. Current drone production capacity is about 15,000 units per month, but the industry can quickly scale up as demand increases, Industrial Development Administration Director-General Chiou Chyou-huey (邱求慧) told a news conference in Taipei. Taiwan’s drone output grew 2.5-fold last year to NT$12.9 billion (US$408.3 million) under a government program to develop the uncrewed vehicle sector, he said. The Executive Yuan in October last year approved plans to invest NT$44.2 billion into domestic production of uncrewed aerial
VERBOSE VESSELS: A CGA cutter and a China Coast Guard exchanged verbal barbs for more than a day in Taiwanese-controlled waters before the Chinese vessel left The Taiwanese and Chinese coast guards had a standoff near the strategically located Pratas Islands (Dongsha Islands, 東沙群島) in the north of the South China Sea, the Coast Guard Administration (CGA) said yesterday. The two sides engaged in intense radio exchanges over sovereignty claims during the 33-hour standoff. China Coast Guard vessel 3501 eventually left the restricted waters, 26.6 nautical miles (49.2km) west of the Pratas Islands, at 5pm yesterday, the CGA said. Lying approximately between southern Taiwan and Hong Kong, the Taiwan-controlled Pratas are seen by some security experts as vulnerable to Chinese attack due to their distance — more than
WARNING: China should stop engaging in actions that undermine regional peace and stability, as it would only build resentment among people across the Strait, the CGA said China has deployed more than 100 navy, coast guard and other vessels in waters from the Yellow Sea to the South China Sea and the western Pacific since US President Donald Trump and Chinese President Xi Jinping (習近平) met in Beijing, National Security Council Secretary-General Joseph Wu (吳釗燮) said yesterday. “In this part of the world, #China is the one & only PROBLEM wrecking the #StatusQuo & threatening regional peace & stability,” Wu wrote on X. In a separate post, he said Beijing was coercing Taiwan’s maritime domain, calling it illegal and provocative, after the Coast Guard Administration (CGA) expelled a
RSS