Chinese Hackers Launch Ongoing Attacks on Taiwan’s Critical Infrastructure

China’s state-sponsored cyber operations against Taiwan have intensified dramatically, with threat actors launching an average of 2.63 million intrusion attempts daily targeting critical infrastructure across nine primary sectors, according to a newly released report from Taiwan’s National Security Bureau (NSB).

The NSB report documents a concerning pattern of synchronized cyber warfare operations that correlate directly with political and military coercion efforts.

Chinese hacking activities demonstrated measurable alignment with People’s Liberation Army joint combat readiness patrols throughout 2025.

Attack volumes spiked during Taiwan’s major ceremonies, government policy announcements, and overseas diplomatic visits by senior officials.

The most intense attack wave occurred in May 2025, coinciding with the first anniversary of President Lai’s inauguration, underscoring Beijing’s use of cyber operations as a strategic pressure mechanism.

The “Analysis on China’s Cyber Threats to Taiwan’s Critical Infrastructure in 2025” reveals a 6% increase in cyberattacks compared to 2024, with energy and emergency rescue/hospital sectors experiencing the most significant surge in malicious activity.

Four-Pronged Attack Strategy

Chinese cyber army operations employed four primary tactics: hardware and software vulnerability exploitation, distributed denial-of-service (DDoS) attacks, social engineering, and supply chain compromises.

Notably, vulnerability exploitation accounted for more than half of all hacking operations, highlighting China’s accelerating capability in weaponizing zero-day and n-day vulnerabilities.

The targeted sectors included administration and agencies, energy, communications and transmission, transportation, emergency rescue and hospitals, water resources, finance, science parks and industrial parks, and food infrastructure.

Five prominent Chinese Advanced Persistent Threat (APT) groups spearheaded the campaign: BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886.

These elite units concentrated operations on energy, healthcare, communications, government agencies, and technology sectors.

Attack methodologies included intensive reconnaissance of network equipment and industrial control systems within Taiwan’s energy infrastructure, malware implantation across telecommunications networks, and ransomware deployment against major hospitals.

At least 20 documented cases involved stolen medical data being sold on dark web marketplaces.

The threat actors exploited vulnerabilities in telecom network equipment, compromised service providers and subcontractors to infiltrate sensitive communication links, and dispatched highly customized social engineering emails to Taiwan’s central government agencies.

Beyond targeting science parks, operations extended to semiconductor and defense industry supply chains, seeking to exfiltrate advanced technologies, industrial blueprints, and strategic decision-making intelligence.

The NSB emphasized its commitment to international cooperation, having convened information security dialogues with over 30 countries throughout 2025.

Through collaborative intelligence sharing and joint investigations into malicious relay infrastructure, Taiwan continues strengthening its cyber defense posture against persistent Chinese cyber threats while urging public vigilance to safeguard national cybersecurity.
