China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns

Taiwan says China-linked cyberattacks on its energy sector rose tenfold in 2025, hitting critical infrastructure across nine sectors, with total incidents up 6%.

Taiwan reports China-linked cyberattacks on its energy sector surged tenfold in 2025, targeting critical infrastructure across nine sectors, with total incidents up 6% YoY.

Taiwan’s National Security Bureau (NSB) reports China launched an average of 2.63M daily cyber intrusion attempts in 2025 against nine critical sectors, with energy and hospitals most targeted.

“China’s cyberattacks have been conducted in conjunction with political and military coercive actions. In 2025, relevant hacking and intrusion operations against Taiwan demonstrated a certain extent of correlation with the joint combat readiness patrols carried out by the People’s Liberation Army.” reads the report published by the NSB. “In addition, China would ramp up hacking activities during Taiwan’s major ceremonies, the issuances of important government statements, or overseas visits by high-level Taiwanese officials. Notably, the cyberattacks targeting Taiwan peaked in May of 2025, the first anniversary of President Lai’s inauguration.”

China’s cyber army uses four main tactics: exploiting hardware/software vulnerabilities, DDoS attacks, social engineering, and supply-chain attacks. Vulnerability exploitation accounts for over half of operations, showing advanced weaponization. Groups such as BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886 targeted Taiwan’s energy, healthcare, communications, government, and tech sectors, probing ICS and networks, deploying malware, using ransomware against hospitals, and selling stolen medical data. At least 20 cases were confirmed in 2025.

China’s cyber army exploited flaws in Taiwan’s telecom networks, breaching service providers and subcontractors to access sensitive and backup communications. It also used targeted social engineering against central government agencies and expanded attacks across semiconductor and defense supply chains to steal advanced technologies and strategic intelligence. In 2025, agencies across the Indo-Pacific, NATO, and the EU identified China as a leading global cyber threat, highlighting its integration of military, intelligence, industrial, and tech resources to enhance stealth and impact. Taiwan’s NSB strengthened joint defense, reporting, and international cooperation with over 30 countries, conducting shared investigations and urging public vigilance to bolster critical infrastructure resilience.

“The NSB established cybersecurity cooperation with over 30 countries worldwide in 2025. Through information security dialogues and technical conferences, the NSB strives to obtain timely intelligence on attack patterns of China’s cyber army. Furthermore, through networks of international information security cooperation, the NSB conducts joint investigations into malicious relay nodes, thereby supporting government decision making, response preparedness, and further enhancing the overall resilience and capacity of Taiwan’s CI protection.” concludes the report. “The NSB urges all nationals to raise their cybersecurity awareness and remain vigilant against cyber threats posed by China, so that we could jointly safeguard the comprehensive cybersecurity of Taiwan.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, China)