cross-posted from: lemmy.sdf.org/post/48582192
New data from Taiwan’s National Security Bureau (NSB) shows that China’s cyber army launched an average of 2.63 million intrusion attempts per day in 2025 against the island’s critical infrastructure across nine key sectors, including government agencies, energy, communications, transportation, emergency services and hospitals, water resources, finance, science and industrial parks, and food installations. The activity represents a 6% increase over 2024, while the average number of daily attacks in 2025 jumped 113% from 2023, with the energy and emergency rescue and hospital sectors seeing the sharpest year-on-year rise in cyberattacks linked to Chinese threat actors.
In its report titled ‘Analysis on China’s Cyber Threats to Taiwan’s Critical Infrastructure in 2025,’ the agency disclosed that China’s cyberattacks against Taiwan’s critical infrastructure organizations involve four major tactics, including attacks on hardware and software vulnerabilities, distributed denial-of-service (DDoS) attacks, social engineering attacks, and supply chain attacks. China has flexibly maneuvered these tactics to launch cyberattacks. The report also detailed that China’s cyber activity spans multiple critical sectors, with tactics tailored to each environment and objective.
[…]
The NSB identified that China’s cyberattacks have been conducted in conjunction with political and military coercive actions. In 2025, relevant hacking and intrusion operations against Taiwan demonstrated a certain extent of correlation with the joint combat readiness patrols carried out by the People’s Liberation Army.
Additionally, China would ramp up hacking activities during Taiwan’s major ceremonies, the issuance of important government statements, or overseas visits by high-level Taiwanese officials. Notably, the cyberattacks targeting Taiwan peaked in May of 2025, the first anniversary of President Lai Ching-te’s inauguration.
[…]
The Taiwanese agency mentioned that the top five Chinese hacker groups included BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886, launched cyber operations against Taiwan’s CI, focusing on five primary sectors, including energy, healthcare, communications and transmission, administration and agencies, and technology.
[…]