Chinese cyber threat actors intensified efforts to gain access to Taiwan’s critical infrastructure organizations in 2025, with a particular emphasis on the energy sector, emergency rescue entities and hospitals.
In a new report published on January 4, the National Security Bureau (NSB) of the Republic of China, the official name of Taiwan, shows that the country’s critical infrastructure suffered unprecedented cyber intrusion attempts coming from China over the past year.
The NSB recorded a total of 960,620,609 cyber intrusion attempts targeting Taiwan’s critical infrastructure allegedly coming from “China’s cyber army” in 2025. This represents an average of 2.63 million cyber intrusion attempts hitting one organization deemed critical by the island nation every day.
This also marks a 6% increase from 2024 data and a 112.5% increase compared to 2023.
In Taiwan, the nine sectors considered critical include communications and transmission, emergency rescue and hospitals, energy, finance, food, public administrations and government agencies, science parks and industrial parks, transportation and water resources.
The most staggering spike in Chinese cyber intrusion attempts targeted the Taiwanese energy sector, which saw a tenfold increase compared to 2024 attacks.
Emergency rescue entities and hospitals on the island also suffered heightened cyber threats coming from China, with a reported 54% rise in intrusion attempts in 2025 compared to the previous year.
In contrast, water resources and finance saw significant decreases in Chinese-based cyber-attack attempts, dropping by 50% and 48.2% respectively.
Top Chinese Hacking Groups Targeting Taiwan
The top five Chinese hacker groups identified by the NSB for targeting Taiwanese critical infrastructure in 2025 included BlackTech (aka Circuit Panda, Canary Typhoon and Earth Hundu), Flax Typhoon (aka Ethereal Panda, Storm-0919), Mustang Panda (aka Basin, Bronze President and Twill Typhoon), APT41 (aka Bronze Atlas, Brass Typhoon, Double Dragon, Leopard Typhoon and Wicked Panda) and UNC3886.
These five groups reportedly focused on five primary sectors, including energy, healthcare, communications and transmission, administration and agencies and technology.
“In particular, the hacking methods included intensive probing of network equipment and industrial control systems (ICS) of Taiwan’s energy companies and implantation of malware,” reads the report.
“The threat actors also employed ransomware to compromise the operation of major hospitals, and sold data stolen from medical institutions on dark web forums. In 2025, at least 20 cases were identified.”
Overall, the NSB report outlined four major tactics employed by Chinese threat actors when targeting Taiwan’s critical infrastructure organizations in 2025: hardware and software vulnerability exploitation, distributed denial-of-service (DDoS), social engineering and supply chain attacks.
Despite being listed as different tactics, threat actors typically combine two or more approaches in cyber intrusion campaigns.
The NSB noted that vulnerability exploitation appeared in more than half of China’s hacking operations.
Notably, these actors exploited vulnerabilities in the network equipment of Taiwan’s telecom industry and hacked into networks of service providers and subcontractors to infiltrate sensitive and backup communication links.
Chinese Hacking Tied to Military and Political Events
Finally, the NSB report highlighted that Chinese actors’ campaigns against Taiwanese organizations followed specific patterns in conjunction with Taiwanese national or geopolitical events.
For instance, the report noted that in 2025, hacking and intrusion operations against Taiwan demonstrated a degree of correlation with joint combat readiness patrols carried out by China’s People’s Liberation Army (PLA).
The NSB also found that China ramped up hacking activities during Taiwan’s major ceremonies, the issuance of important government statements or overseas visits by high-level Taiwanese officials.
The report stated that cyber-attacks targeting Taiwan peaked in May 2025, coinciding with the first anniversary of the inauguration of the Taiwanese president, Lai Ching-te.
