By Michael Zhuang

China has dramatically escalated cyberattacks against Taiwan’s critical infrastructure, launching an average of 2.63 million attacks per day in 2025, according to a new report by Taiwan’s National Security Bureau. Some of the attacks coincided with Chinese military drills around Taiwan, underscoring what analysts describe as a coordinated campaign to probe Taiwan’s ability to function under crisis or wartime conditions.

The findings, released Jan. 4, point to a sharp intensification of cyber operations targeting essential civilian systems—from energy and emergency services to hospitals and telecommunications—raising concerns that Beijing is rehearsing cyber disruption as part of a broader coercive strategy.

Escalation in Scale and Targeting

According to the bureau’s report, titled “Analysis on China’s Cyber Threats to Taiwan’s Critical Infrastructure in 2025,” the average daily volume of cyberattacks surged by 113 percent compared with 2023, when Taiwan first began publishing such figures.

The attacks are increasingly targeting sectors vital to daily life and critical government operations, including power grids, hospitals, emergency response networks, and communications infrastructure. Taiwanese officials say the pattern suggests a deliberate effort to undermine social stability and cripple government functionality in a crisis.

The bureau identified five major Chinese-linked hacking groups behind the activity: BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886. These groups have repeatedly targeted infrastructure in Taiwan’s energy, health care, telecommunications, government, and high-tech sectors.

From Disruption to Espionage

The report details a range of tactics, including distributed denial-of-service (DDoS) attacks designed to overwhelm civilian telecom networks and disrupt daily communications. More covertly, Chinese hackers have also targeted telecommunications intermediaries to steal intelligence and embed themselves more deeply into Taiwan’s networks.

Industrial and technology hubs—including areas linked to TSMC, the world’s leading advanced chipmaker—have also become major targets. Chinese hackers have employed multiple techniques to siphon off sensitive technological data, according to the report.

Notably, the bureau found that spikes in cyber activity often coincided with Chinese military pressure, major Taiwanese public events, or overseas trips by senior Taiwanese officials—suggesting careful timing rather than random activity.

Cyberwarfare as Opening Battlefield

Shen Ming-Shih, a research fellow at Taiwan’s Institute for National Defense and Security Research, said the scale of attacks reflects technological advances rather than just manpower.

“In the past, China relied on individual hackers or contract-based attacks,” Shen told The Epoch Times. “Now, with AI and big data, it can deploy automated systems that continuously collect information, customize attacks against specific targets, and strike on a fixed schedule. That’s why the number of attacks can reach the millions per day.”

He noted that the power grid, health care services, government agencies, and key communications nodes are all part of Taiwan’s officially designated critical infrastructure.

“If Taiwan were blockaded or isolated, these systems would be decisive,” Shen said. “That’s why [the CCP] is targeting them.”

Cyberwarfare, Shen added, would likely precede any armed conflict.

“Before any missiles are launched, your opposing side will already be using cyber warfare to paralyze your internal operations,” he said. “The integration of military weapons systems also depends on networks, as does coordination between the military, civilians, and the government. Without reliable networks, command efficiency drops sharply. That is why the impact of full-spectrum cyber warfare may ultimately be even more significant than that of missiles.”

Broader ‘Hybrid Warfare’ Campaign

Taiwanese officials have increasingly described China’s pressure campaign as “hybrid warfare,” combining frequent military drills around the island with disinformation campaigns and sustained cyberattacks.

To counter the threat, Shen urged Taiwan to systematically study Chinese cyberattack patterns used against other countries and develop countermeasures before a crisis erupts.

Similar warnings were echoed by Lin Ying-Yu, an associate professor in international affairs at Tamkang University in Taiwan, who wrote that Chinese hackers continue to rely heavily on advanced persistent threat (APT) operations.

“These attacks are highly customized,” Lin said at a recent cybersecurity forum in Taipei. “The attackers deeply understand their targets and design tailor-made phishing emails, often escalating from broad phishing to precise spear-phishing.”

Lin said that defending against such attacks requires not only technical upgrades but also changes in organizational structures, to prevent what he described as Beijing’s “thousand grains of sand” intelligence strategy—an approach that mobilizes resources across China’s security agencies, military units, and Party-state institutions.

Global Concern

Lee Yeau-Tarn, a professor in political science at National Chengchi University in Taiwan, told The Epoch Times that Beijing’s ambitions toward Taiwan have never wavered and are now being pursued through what he called “near-war” tactics backed by military force and cyber operations.

Since the start of 2025, cybersecurity and intelligence agencies across the Indo-Pacific, NATO, and the European Union have repeatedly identified China as one of the world’s primary sources of cyber threats.

The concern is no longer limited to Taiwan. On Dec. 9, the British government imposed sanctions on two Chinese tech companies accused of conducting indiscriminate cyberattacks against multiple countries, and said that such behavior poses a serious threat to global security.

A Warning Beyond Taiwan

Asked about the recent capture of Venezuelan leader Nicolás Maduro by the U.S. military, Lee said the case highlights a broader challenge posed by authoritarian regimes.

“Countries like China and Russia pose far greater dangers to their neighbors than smaller authoritarian states,” he said. “Democratic nations should focus more seriously on confronting the core threats posed by centralized authoritarian power.”

For Taiwan, the recent report on cyberattacks shows that any future conflict may begin not with missiles or troops, but with millions of silent cyber strikes aimed at the systems that keep society running.

Ning Haizhong and Luo Ya contributed to this report.