Taiwan Hit by Record 2.63M Daily Chinese Cyber Attacks in 2025

Taiwan’s National Security Bureau (NSB) released a sobering report on January 4, revealing that Chinese-linked cyberattacks targeting the island’s critical infrastructure averaged 2.63 million per day throughout 2025—a 6% increase from 2024 and a staggering 113% jump since tracking began in 2023.

These state-sponsored operations, often synchronized with PLA military drills, represent a deliberate “hybrid warfare” strategy aimed at disrupting or paralyzing key sectors like energy, healthcare, and semiconductors.

Key Findings from the NSB Report

  • Daily Attack Volume: 2.63 million intrusion attempts on average, up 6% YoY.
  • Sharpest Increases: Energy, emergency rescue, and hospital sectors saw the most dramatic spikes.
  • Hybrid Timing: Cyber surges coincided with 23 of China’s 40 “joint combat readiness patrols” in 2025.
  • Peak Activity: Highest incidents around May 20 (anniversary of Taiwan President Lai Ching-te’s inauguration).
  • Tech Theft Focus: Intensive targeting of science parks and semiconductor supply chains to bolster China’s self-reliance amid U.S.-China tech rivalry.

Primary Attack Tactics Employed

Chinese threat actors relied on four core methods in 2025:

  • Vulnerability Weaponization (over 50% of incidents): Exploiting hardware/software flaws in network equipment and industrial control systems.
  • DDoS Attacks (21%): Botnet-driven floods to overwhelm services and disrupt daily life.
  • Social Engineering (18%): Phishing emails posing as trusted contacts to deliver malware.
  • Supply Chain Compromises: Infiltrating subcontractors and providers for deeper access.

Notable groups included BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886, focusing on energy, healthcare, communications, government, and high-tech sectors.

Ransomware hit hospitals hard—at least 20 major deployments identified, with stolen data sold on dark web forums.

Broader Implications for Global Defenders

This escalation underscores China’s integration of cyber operations into geopolitical coercion:

  • Critical Infrastructure Vulnerability: Attacks on energy (10x increase in some probes) and telecoms risk real-world disruption, from power outages to comms blackouts.
  • Semiconductor Supply Chain Risks: Theft from Taiwan’s science parks (home to TSMC and others) accelerates China’s tech ambitions, potentially shifting global chip dynamics.
  • Hybrid Warfare Blueprint: Syncing cyber with military drills previews tactics that could extend to allies or contested regions.
  • Global Echoes: Indo-Pacific, NATO, and EU agencies repeatedly flagged China as the top cyber threat source in 2025.

As tensions rise into 2026, expect continued—or intensified—gray-zone aggression.

Recommendations for Organizations

To counter similar state-level threats:

  • Patch Aggressively: Prioritize vulnerabilities in edge devices, ICS, and telecom gear.
  • Segment Networks: Implement zero-trust and air-gapped backups for critical systems.
  • Enhance Monitoring: Deploy advanced threat hunting for APT persistence and supply-chain anomalies.
  • Employee Training: Simulate social engineering with a focus on phishing from “trusted” sources.
  • International Collaboration: Share IOCs via alliances (e.g., with NSB partners or Five Eyes) for faster attribution and response.
  • Ransomware Prep: Regular offline backups and incident response drills tailored to healthcare/energy.

Taiwan’s resilience—bolstered by joint defenses and international intel sharing—offers a model, but no sector is immune.

This NSB disclosure is a wake-up call: state-sponsored cyber armies are scaling up, and 2026 could bring even more sophisticated hybrid campaigns.

“On average, China’s cyber army launched 2.63 million intrusion attempts per day targeting Taiwan’s critical infrastructure (CI) across nine key sectors.” (Taiwan National Security Bureau, 2025 Report)

Source and full details:

Taiwan NSB Official Report (PDF)


© 2026 ByteVanguard • Independent Cyber Threat Intelligence