Taiwan’s National Security Bureau (NSB) recently released a comprehensive report detailing a massive surge in state-sponsored cyber aggression. The analysis for the year 2025 paints a grim picture: China’s cyber army has ramped up its offensive, launching an average of 2.63 million intrusion attempts per day against Taiwan’s critical infrastructure (CI).
This figure represents a 6% increase compared to the previous year, signaling a “deliberate attempt by China to compromise Taiwan’s CI comprehensively and to disrupt or paralyze Taiwanese government and social functions”.
The most alarming trend identified in the report is the strategic shift in targets. While attacks span nine key sectors, the Energy sector saw an unprecedented 1,000% increase in attacks compared to 2024. Emergency rescue services and hospitals were also heavily targeted, witnessing a 54% surge.
“China’s cyber army intensively probes into the network equipment and industrial control systems of Taiwan’s public-owned and private energy companies,” the report states, noting that hackers often plant malware during system upgrades to monitor operational planning.
The NSB analysis highlights that these are not random skirmishes but carefully orchestrated operations synchronized with physical military and political pressure.
“China’s moves align with its strategic need to employ hybrid threats against Taiwan during both peacetime and wartime”.
The data shows a clear correlation between cyber offensives and physical military maneuvers. During the 40 joint combat readiness patrols (JCRP) conducted by the People’s Liberation Army (PLA) in 2025, China’s cyber army simultaneously escalated attacks 23 times.
Political milestones were also flashpoints. Attack volumes peaked in May during the first anniversary of President Lai’s inauguration and climbed again in November during Vice President Hsiao’s trip to Europe.
The report identifies five primary Chinese hacker groups leading the charge, each with specialized targets:
- BlackTech & UNC3886: Focused on administration and science parks.
- Flax Typhoon: Targeting emergency rescue and hospitals.
- Mustang Panda: Zeroing in on administration and energy.
- APT41: A versatile group attacking nearly all critical sectors, including water resources and transportation.
These groups employ a mix of tactics, but exploiting hardware and software vulnerabilities remains the favorite, accounting for 57% of all incidents. Other methods include DDoS attacks (21%), social engineering (18%), and supply chain attacks (4%).
The NSB emphasizes that this is not just a regional issue. Throughout 2025, intelligence services from the US, NATO, and the EU have all issued warnings regarding China’s cyber capabilities. A joint advisory in August 2025 by 23 intelligence services from 13 countries pointed out that “China’s state-sponsored hacker groups have compromised critical infrastructure and networks worldwide”.
In response, Taiwan has deepened its international cooperation, establishing cybersecurity partnerships with over 30 countries to share intelligence and investigate malicious relay nodes.
“The NSB urges all nationals to raise their cybersecurity awareness and remain vigilant against cyber threats posed by China, so that we could jointly safeguard the comprehensive cybersecurity of Taiwan”.