DOCUMENTING HYBRID WARFARE / — incidents / UPDATED LATEST: 
Sabotage Watch SABOTAGEWATCHHybrid Threat Monitor
Cyber

Escalation in Chinese Cyberattacks on Taiwan Government Networks

01 January 2024 · Taiwan
Satellite Imagery © Esri

What happened

In a report released on 05 January 2025, Taiwan's National Security Bureau (NSB) said the average number of daily cyberattacks targeting government networks roughly doubled in 2024, reaching about 2.4 million attacks per day, up from roughly 1.2 million the previous year. The NSB attributed the bulk of the activity to Chinese state-backed hackers and framed it as part of Beijing's broader pressure campaign against the island. As Reuters reported, the bureau warned that while most attempts were detected and blocked, the rising volume reflected the increasingly severe nature of China's hacking activities.

According to the NSB report, the campaign concentrated on government, telecommunications, transport and the defense supply chain. Compared with 2023, the bureau recorded sharp increases in attacks on telecommunications (about 650 percent), transportation (about 70 percent) and the defense supply chain (about 57 percent). The NSB also logged 906 confirmed breaches of government and private sector systems in 2024, a roughly 20 percent rise from the 752 cases counted in 2023.

Focus Taiwan, citing the same NSB assessment, reported that the attackers frequently exploited vulnerabilities in networking equipment and relied on stealth techniques such as living-off-the-land tradecraft and social engineering aimed at the email accounts of civil servants for espionage. The bureau said Chinese hackers timed distributed denial-of-service operations against Taiwan's transport and financial sectors to coincide with Chinese military drills near the island, intending to intensify the harassment effect and amplify military intimidation.

Assessment

The figures are an official Taiwanese government assessment, and the precise daily count should be read as the NSB's own tally of detected attempts rather than independently audited losses. Even so, the doubling of volume, the concentration on critical infrastructure and defense supply chains, and the synchronization of denial-of-service waves with PLA exercises point to cyber operations being used as a coercive instrument alongside conventional military pressure. The pattern is consistent with separately documented China-linked campaigns against Taiwan's drone, satellite and semiconductor sectors, suggesting a sustained, multi-vector effort rather than isolated intrusions.

This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.