Using phishing emails and zero-day exploits, China’s cyber-operations groups targeted Taiwanese organizations — including government agencies, telecommunications firms, and transportation — with significantly higher volumes of attacks in 2024.
On average, Taiwan saw more than 2.4 million attack attempts per day, double the 1.2 million average daily attacks in 2023, with the vast majority of activity targeting the Taiwanese government, according to an annual analysis published by Taiwan’s National Security Bureau (NSB). Like many other countries, Taiwan has also detected a surge in attacks targeting its telecommunications sector, with the number of security events rising by more than sixfold, the analysis stated.
“China has continued to intensify its cyberattacks against Taiwan,” the NSB stated in the report. “By applying diverse hacking techniques, China has conducted reconnaissance, set cyber ambushes, and stolen data through hacking operations targeting Taiwan’s government, CI [critical infrastructure] and key private enterprises.”
China has become increasingly aggressive in its cyber operations. Government-backed groups in the country have compromised telecommunications networks in the US, stolen information from Southeast Asia and Africa, and targeted individuals in India with SMS phishing attacks. China-based groups, specifically, have branched out into a variety of different areas, going beyond cyber espionage.
To date, very few countermeasures have been effective at restraining China in cyberspace, says Jon Clay, vice president of threat intelligence at cybersecurity firm Trend Micro.
“Until nation-states take action against China’s aggressiveness, I don’t think you’re going to see a diminishing of the pace in attacks,” he says, adding the companies should expect to get targeted by nation-states in general and China specifically. “It’s a wake-up call that they have to start thinking about ‘how do I defend myself against these nation-states attacks better in 2025 than I’ve done in the past.'”
Successful Attacks Rise
Overall, Taiwanese government and private-sector organizations suffered at least 906 successful attacks in 2024, an increase of 20% compared with 2023, with government systems the target of more than 80% of attacks, followed by attacks against telecommunications firms, according to the NSB report.
In 2024, Taiwan saw twice as many attacks from China as the previous year, with a surge during the summer. Source: Taiwan NSB
The focus on the telecommunications industry is not surprising, says Michael Freeman, head of threat intelligence at Armis, a cyber-exposure management firm. A variety of countries’ telecommunications providers — including at least nine firms in the US — have been targeted by Chinese groups.
“The telecom industry is being hit by China in most regions right now, because if you can control the flow of information, you control a lot of factors,” he says. “They could use that information to spy on politicians and find out something that could be used for blackmail purposes — it’s a gift that keeps on giving in many different ways.”
In the US, there are signs that China gained some level of access to the federal wiretapping system, which could have given the Chinese government information on people suspected of espionage, Freeman says. Taiwan prosecuted 64 individuals for espionage in 2024, up from 48 in 2023, according to a second report from the NSB.
Overall, threat activity has increased in the Asia-Pacific region, with cybercriminals and espionage groups of all types targeting companies and national governments in the region. Chinese cybercriminal syndicates have become a problem for neighboring countries, whose citizens have been imprisoned and made to conduct “pig butchering” scams online.
Business (and Politics) as Usual
With the incoming Trump administration pledging to put significant tariffs on goods from China, the level of geopolitical stress in the Asia-Pacific will likely rise, and cyberattacks typically increase during periods of diplomatic tensions. In addition, China’s policy requiring that researchers disclose information on significant vulnerabilities to the Chinese government has likely created a stockpile of issues that can be used by state-sponsored hacking groups, Trend Micro’s Clay says.
“It’s all really all about acquiring sensitive information for political advantage, military advantage, and economic advantage,” he says.
Companies doing business in the region should take steps to improve the cybersecurity, detect sophisticated attacks, and find ways to slow attackers, Armis’ Freeman says. He points to deceptive techniques that seed a network with faux assets that act as detectors of malicious activity, as useful defenses. Not only can deceptive technology detect likely attacks, but even when the attackers figure out it’s there, it can slow them down.
“Once an adversary knows that you’re using some form of deception, they’re much more cautious in the way they proceed in your environment,” he says. “They don’t know the scale of it. They don’t know what types of technology you are using. It’s putting them at a greater disadvantage.”
With the frequency of cyberattacks likely to continue rising in the Asia-Pacific region, Freeman says, raising attackers’ costs and slowing them down should be considered a win.
Source: www.darkreading.com