Researchers Warn of ‘Smiao Network’ Cyber Threat Against Taiwan’s Federal Staff

The Foundation for Defense of Democracies (FDD) and cybersecurity firm TeamT5 have exposed an intricate Chinese intelligence operation, dubbed the ‘Smiao Network,’ targeting federal workers in both the United States and Taiwan.

This network, linked to the Chinese technology company Smiao Intelligence, employs deceptive online recruitment schemes to extract sensitive information from high-value professionals.

Initially uncovered earlier this spring, the operation used fake consulting firms to target laid-off U.S. federal employees.

Now, further research has revealed a parallel effort aimed at Taiwan, employing similar tactics of leveraging online work platforms and geopolitical consulting as a cover.

While FDD reports no concrete evidence of success in Taiwan, a related case in the U.S. saw an Army intelligence analyst recruited through these methods, resulting in the leak of over 92 sensitive military documents, as detailed in an April 2025 Department of Justice press release.

A New Facet of the Smiao Network

Delving deeper, TeamT5 identified an extension of the Smiao Network called Pine Intelligence, connected through a shared phone number with RiverMerge Strategies, another fictitious geopolitical risk consulting entity within the network.

Pine Intelligence falsely claims to be a Taiwan-based premier consulting firm, yet lists a nonexistent address and previously shared a mainland China-specific 400-prefix phone number with RiverMerge.

Linguistic analysis of its website, which uses traditional Chinese characters common in Taiwan, reveals telltale signs of its origins: eight simplified Chinese characters and a translation error mistaking “position” for “noodles” suggest automated conversion from simplified Chinese, likely by mainland creators.

Additionally, historical web-hosting records link Pine Intelligence to Smiao Intelligence’s parent company domains, while its website mirrors 80 percent of its source code and favicon from an authentic Australian firm, taiwanrisk[.]com, a cloning tactic frequently used by the Smiao Network.

The use of Chengmail, a niche Chinese email service, further ties Pine Intelligence to four other entities in the network, as confirmed by cyber threat intelligence firm Silent Push.

MX records for Pine Intelligence showing the use of Chengmail
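
The pivots described above (a shared phone number, a common mail provider in MX records, a 400-prefix number on a site claiming a Taiwan base) can be reproduced over collected site metadata. The following is an added example, not code from FDD, TeamT5 or Silent Push; every domain, phone number and MX hostname in it is a constructed placeholder, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records; all domains, numbers and MX hosts are placeholders.
SITES = [
    {"domain": "pine.example", "claims": "TW", "phone": "400-000-0001",
     "mx": ["mx1.chengmail.example"]},
    {"domain": "rivermerge.example", "claims": "US", "phone": "400 000 0001",
     "mx": ["mx2.chengmail.example"]},
    {"domain": "thirdfirm.example", "claims": "US", "phone": "+1-202-555-0100",
     "mx": ["mx1.chengmail.example"]},
    {"domain": "unrelated.example", "claims": "TW", "phone": "+886-2-5550-0100",
     "mx": ["mail.other.example"]},
]

def indicators(site):
    """Normalise the pivotable attributes of one site into (kind, value) pairs."""
    digits = re.sub(r"\D", "", site["phone"])
    out = {("phone", digits)} if digits else set()
    for host in site["mx"]:
        # Assumption: the last two labels approximate the mail provider's domain.
        out.add(("mx", ".".join(host.lower().rstrip(".").split(".")[-2:])))
    return out

def cluster(sites):
    """Union-find over sites: two sites join a cluster when they share an indicator."""
    parent = {s["domain"]: s["domain"] for s in sites}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    seen = {}
    for s in sites:
        for ind in indicators(s):
            if ind in seen:
                parent[find(s["domain"])] = find(seen[ind])
            else:
                seen[ind] = s["domain"]
    groups = defaultdict(set)
    for d in parent:
        groups[find(d)].add(d)
    return [g for g in groups.values() if len(g) > 1]

def region_mismatch(site):
    """Heuristic: a 10-digit 400-prefix number on a site not claiming a mainland base."""
    digits = re.sub(r"\D", "", site["phone"])
    return site["claims"] != "CN" and len(digits) == 10 and digits.startswith("400")
```

A shared mail provider alone is a weak link, since unrelated organisations can use the same service; a cluster is worth an analyst's time when several independent indicators agree.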

Enhanced Cyber Cooperation

The parallel cyber threats faced by the United States and Taiwan underscore a pressing need for robust intelligence sharing to counter Beijing’s espionage efforts.

These operations extend beyond critical infrastructure attacks to sophisticated social engineering aimed at recruiting insiders.

Reports indicate that the U.S. government has initiated intelligence collaboration with Taipei, a move that experts urge must be expanded.

Incorporating private sector and non-profit expertise could amplify these efforts, drawing parallels to successful threat-sharing initiatives aiding Ukraine since 2022.

As tensions between Beijing and Taipei persist, proactive measures to safeguard sensitive data and personnel are critical.

The Smiao Network’s evolving tactics highlight the urgency of preemptive strategies to protect national security assets in both regions from such covert cyber operations, ensuring that potential vulnerabilities are addressed before they can be exploited in a heightened geopolitical conflict.
