China Hit Taiwan With 2.63 Million Cyberattacks Daily in 2025, Report Says
Guards raise the Taiwanese national flag on Democracy Boulevard at the Chiang Kai-shek Memorial Hall in Taipei, Taiwan, on Nov. 29, 2024. (I-Hwa Cheng/AFP via Getty Images)
By Frank Fang
1/5/2026 | Updated: 1/6/2026

TAIPEI, Taiwan—The Chinese regime’s cyberarmy launched a daily average of 2.63 million cyberattacks on Taiwan’s critical infrastructure in 2025, marking a 6 percent year-over-year increase, according to a report released by Taiwan’s National Security Bureau (NSB) on Jan. 5.

“Such a trend indicates a deliberate attempt by China to compromise Taiwan’s [critical infrastructure] comprehensively and to disrupt or paralyze Taiwanese government and social functions,” the report reads.

“China’s moves align with its strategic need to employ hybrid threats against Taiwan during both peacetime and wartime.”

The NSB stated that daily cyberattacks rose to an average of 2.46 million in 2024, doubling from 1.23 million in 2023.

The findings reflect the Chinese regime’s escalating campaign against Taiwan in recent years, part of broader efforts to undermine the island’s civil society and democratic institutions. The cyberintrusion has been accompanied by influence operations and military exercises aimed at pressuring Taipei and shaping public opinion on the island.

Energy, emergency rescue services, and hospitals were the most heavily targeted sectors within Taiwan’s critical infrastructure in 2025, with the energy sector recording a 1,000 percent increase from 2024, according to the report.

In the energy sector, Chinese hackers targeted publicly and privately owned companies in petroleum, electricity, and natural gas, sometimes deploying malware during software upgrades.

The NSB stated that Beijing was seeking to learn how these energy companies operated, procured resources, and ran their backup systems.

Chinese hackers used ransomware to compromise hospital systems, stealing patient information and health research data. According to the bureau, the hackers sold the stolen information on dark web forums “at least 20 times in 2025.”

Other sectors targeted by the Chinese cyberintrusion were administration and agencies, communications and transmission, transportation, water resources, finance, science parks and industrial parks, and food.

Chinese hackers sent emails containing malware in attachments to government departments, attempting to implant backdoors and steal information.

“China’s moves aim to gather intelligence on Taiwan’s government and undermine public trust in the government’s cybersecurity capabilities,” the bureau stated.

Beijing conducted cyberattacks against Taiwan’s semiconductor and military industries, the bureau said, in an effort to support its “self-reliance in technology and economic development.”

In general, Chinese hackers used four tactics: exploiting hardware and software vulnerabilities, distributed denial-of-service (DDoS) attacks, social engineering, and supply chain attacks.

Attacks exploiting hardware and software vulnerabilities accounted for 57 percent of all hacking tactics, the bureau said, followed by DDoS attacks at 21 percent, social engineering at 18 percent, and supply chain attacks at 4 percent.

For DDoS attacks, Chinese hackers aimed to “delay or paralyze [critical infrastructure’s] services, and thus impact Taiwanese people’s daily lives,” according to the report.

Social engineering attacks took the form of phishing emails and the ClickFix technique, which creates false error messages or fake update requirements to trick users into activating embedded malware, the NSB stated.

Regarding supply chain attacks, the report states that Chinese hackers attempted to infiltrate the networks of critical infrastructure suppliers to implant and spread malware.

The top Chinese hacking groups that targeted Taiwan in 2025 were BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886, according to the report.

In the United States, China-linked hacking groups Volt Typhoon and Flax Typhoon have targeted U.S. critical infrastructure, and another group called Salt Typhoon has attacked U.S. telecommunications networks.

In 2020, the U.S. Justice Department charged five Chinese nationals, all members of APT41, who were accused of stealing trade secrets and sensitive information from more than 100 companies and entities around the world. The FBI has placed the five defendants on its most wanted list.

The report states that the NSB established cybersecurity cooperation with more than 30 countries in 2025.

“Through information security dialogues and technical conferences, the NSB strives to obtain timely intelligence on attack patterns of China’s cyber army,” the bureau stated, before asking “all nationals to raise their cybersecurity awareness and remain vigilant against cyber threats posed by China.”

Frank Fang is a Taiwan-based reporter. He covers U.S., China, and Taiwan news. He holds a master's degree in materials science from Tsinghua University in Taiwan.

©2023-2026 California Insider All Rights Reserved. California Insider is a part of Epoch Media Group.