China Hit Taiwan With 2.63 Million Cyberattacks Daily in 2025, Report Says

Udumbara Udumbara
Jan 6, 2026 - 10:53 Updated: Jan 6, 2026 - 03:56
0
China Hit Taiwan With 2.63 Million Cyberattacks Daily in 2025, Report Says

.

TAIPEI, Taiwan—The Chinese regime’s cyber army launched a daily average of 2.63 million cyberattacks on Taiwan’s critical infrastructure in 2025, marking a 6 percent year-over-year increase, according to a report released by Taiwan’s National Security Bureau (NSB) on Jan. 5.

“Such a trend indicates a deliberate attempt by China to compromise Taiwan’s CI [critical infrastructure] comprehensively and to disrupt or paralyze Taiwanese government and social functions,” the report reads.

“China’s moves align with its strategic need to employ hybrid threats against Taiwan during both peacetime and wartime.”

The NSB noted that daily cyberattacks rose to an average of 2.46 million in 2024, doubling from 1.23 million in 2023.

The findings reflect the Chinese regime’s escalating campaign against Taiwan in recent years, part of broader efforts to undermine the island’s civil society and democratic institutions. The cyber intrusion has been accompanied by influence operations and military exercises aimed at pressuring Taipei and shaping public opinion on the island.

Energy, emergency rescue services, and hospitals were the most heavily targeted sectors within Taiwan’s critical infrastructure in 2025, with the energy sector recording a 1,000 percent increase from 2024, according to the report.

In the energy sector, Chinese hackers targeted publicly and privately owned companies in petroleum, electricity, and natural gas, sometimes deploying malware during software upgrades.

The NSB explained that Beijing was seeking to learn how these energy companies operated, procured resources, and operated their backup systems.

Chinese hackers used ransomware to compromise hospital systems, stealing patient information and health research data. According to the bureau, the hackers sold the stolen information on dark web forums “at least 20 times in 2025.”

Other sectors targeted by the Chinese cyber intrusion were administration and agencies, communications and transmission, transportation, water resources, finance, science parks and industrial parks, and food.

Chinese hackers sent emails containing malware in attachments to government departments, attempting to implant backdoors and steal information.

“China’s moves aim to gather intelligence on Taiwan’s government and undermine public trust in the government’s cybersecurity capabilities,” the bureau stated.

Beijing conducted cyberattacks against Taiwan’s semiconductor and military industries, the bureau said, in an effort to support its “self-reliance in technology and economic development.”

In general, Chinese hackers used four tactics: exploiting hardware and software vulnerabilities, distributed denial-of-service (DDoS) attacks, social engineering, and supply chain attacks.

Attacks exploiting hardware and software vulnerabilities accounted for 57 percent of all hacking tactics, the bureau said, followed by DDoS attacks at 21 percent, social engineering at 18 percent, and supply chain attacks at 4 percent.

For DDoS attacks, Chinese hackers aimed to “delay or paralyze CI’s [critical infrastructure’s] services, and thus impact Taiwanese people’s daily lives,” according to the report.

Social engineering attacks took the form of phishing emails and the ClickFix technique, which creates false error messages or fake update requirements to trick users into activating embedded malware, the NSB said.

Regarding supply chain attacks, the report stated that Chinese hackers attempted to infiltrate the networks of critical infrastructure suppliers to implant and spread malware.

The top Chinese hacking groups that targeted Taiwan last year were BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886, according to the report.

In the United States, China-linked hacking groups Volt Typhoon and Flax Typhoon have targeted U.S. critical infrastructure, and another group called Salt Typhoon has attacked U.S. telecommunications networks.
In 2020, the U.S. Justice Department charged five Chinese nationals, all members of APT41, who were accused of stealing trade secrets and sensitive information from more than 100 companies and entities around the world. The FBI has placed the five defendants on its most wanted list.

The report said that the NSB had established cybersecurity cooperation with more than 30 countries in 2025.

“Through information security dialogues and technical conferences, the NSB strives to obtain timely intelligence on attack patterns of China’s cyber army,” the bureau stated, before asking “all nationals to raise their cybersecurity awareness and remain vigilant against cyber threats posed by China.”

.

Read More