China behind major jump in cyberattacks on Taiwan, report finds

China stepped up its cyberattacks on vulnerable sections of Taiwan’s critical infrastructure in 2025, according to an analysis from Taiwan’s National Security Bureau released this week.

China’s “cyber army” infiltrated nearly every sector of Taiwan’s economy last year, with at least 2.63 million infiltration attempts each day, the analysis found. Those attempts account for a 6% yearly rise in total cyberattacks, compared to 2024.

Researchers note that Chinese hackers used four major tactics: exploitation of software and hardware vulnerabilities; distributed denial of service, or DDoS, attacks; supply chain attacks; and social engineering.

“The hacking methods included intensive probing of network equipment and industrial control systems of Taiwan’s energy companies, and implantation of malware. The threat actors also employed ransomware to compromise the operation of major hospitals, and sold data stolen from medical institutions on dark web forums,” the analysis reads.

The revelations come as Beijing steps up its aggressive moves against Taiwan, an island nation that China has claimed as part of its territory for decades. Last month, China initiated one of its largest military drills ever, launching several missiles in the waters around Taiwan and nearly surrounding the democratically governed island with warships.

The analysis says that large-scale hacking operations aimed at Taiwan often corresponded with intimidating military drills.

“China’s cyberattacks have been conducted in conjunction with political and military coercive actions. In 2025, relevant hacking and intrusion operations against Taiwan demonstrated a certain extent of correlation with the joint combat readiness patrols carried out by the People’s Liberation Army,” the researchers wrote. “China would ramp up hacking activities during Taiwan’s major ceremonies, the issuance of important government statements, or overseas visits by high-level Taiwanese officials.”

Researchers identified four groups — Flax Typhoon, Mustang Panda, APT41 and UNC3886 — as being responsible for dozens of hacking operations in 2025 targeting Taiwan’s critical infrastructure. The groups have ties to the Chinese Communist Party, and the U.S. government has designated Flax Typhoon as a state-sponsored malicious cyber group.

China has frequently denied allegations that it sponsors hacking groups and uses them to target Taiwan or other nations.

“We have always opposed ⁠and lawfully ‌combated hacker activities, and we are even more ‍opposed to spreading false information related to China for political purposes,” Chinese Foreign Ministry spokesperson ‌Mao Ning told reporters Thursday about allegations that Beijing was behind a recent cyberattack on congressional employees.