Taiwan's Critical Infrastructure Under Intensified Chinese Cyberattack Barrage in 2025

Escalation in Cyber Intrusions

Taiwan's critical infrastructure endured an average of 2.63 million daily cyberattack attempts in 2025, marking a 6% increase from the previous year and a substantial 113% rise compared to 2023. This data, released by Taiwan's National Security Bureau (NSB) in its 'Analysis on China's Cyber Threats to Taiwan's Critical Infrastructure in 2025' report, identifies China as the source of most intrusions.

The intensified cyber offensive targeted nine key sectors across the island, including government agencies, energy, communications, transportation, emergency services and hospitals, water resources, finance, science and industrial parks, and food installations. The NSB views these persistent attacks as a component of China's 'hybrid warfare' strategy, which integrates cyber operations with military pressure and disinformation campaigns.

Targeted Sectors and Tactics

The energy sector experienced the most significant surge, with a tenfold increase in cyberattacks in 2025 compared to 2024. Emergency rescue services and hospitals also saw a notable rise, with a 54% increase in intrusion attempts. These attacks often involved sophisticated methods aimed at disrupting services and stealing sensitive data.

The NSB report detailed four primary tactics employed by Chinese threat actors:

• Hardware and software vulnerability exploitation: Accounting for over 50% of the intrusion attempts.
• Distributed Denial-of-Service (DDoS) attacks: Designed to overwhelm systems and compromise external network operations.
• Social engineering attacks: Including phishing emails and fabricated error messages to trick targets.
• Supply chain attacks: Infiltrating networks of suppliers and subcontractors to spread malware.

Several Chinese hacker groups were identified as active in these operations, including BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886.

Correlation with Geopolitical Events

Taiwanese authorities observed a clear correlation between the cyberattacks and China's political and military activities. Cyber intrusions frequently escalated during China's joint combat readiness patrols near the island, with cyber activity intensifying during 23 of the 40 patrols conducted in 2025. Spikes in attacks also coincided with significant political events, such as major ceremonies, important government statements, or overseas visits by high-level Taiwanese officials.

In response to these threats, the NSB has pledged to enhance its cybersecurity defenses and strengthen cooperation with international partners. In 2025, the bureau engaged in information security dialogues and technical conferences with over 30 countries worldwide to gather intelligence on attack patterns and bolster collective resilience. Beijing, however, routinely denies its involvement in such cyber activities.