
Mainland Chinese authorities have alleged that a group of hackers purportedly backed by Taiwan’s ruling Democratic Progressive Party (DPP) is responsible for a series of cyberattacks targeting nearly a thousand strategically critical networks across the People’s Republic of China, including military, energy, and government infrastructure.
The announcement was made by the police in Guangzhou on May 20. According to their statement, the attackers employed rudimentary tactics such as phishing, vulnerability exploitation, brute-force attacks, and low-level malware. The assaults were reportedly launched from foreign IP addresses, including those based in the United States, France, and Japan.
The Tianhe District Public Security Bureau said that a recent attack targeted a local tech firm, and that technical analysis of the digital traces led investigators to a group allegedly linked to Taiwan.
Investigators reported that the attackers had scanned more than 1,000 critical information systems across 10 provinces. The targets included entities within the defense industry, power grids, water supply systems, transportation networks, and various state institutions.
To obscure the origin of the attacks, the perpetrators allegedly routed their traffic through VPNs, foreign cloud services, and compromised devices (known as “zombies”) so that it would appear to come from abroad.
Zhou Hongyi, founder of 360 Security Technology, stated that his team conducted the forensic analysis and identified traces leading to the Taiwanese group. Zhou emphasized that his company maintains the world’s largest threat intelligence database, enabling rapid identification of attack signatures and malicious code. He claimed that 360 is currently tracking at least five Taiwan-based APT (Advanced Persistent Threat) groups that specialize in targeting defense, diplomatic, and maritime entities.
APT refers to a form of sustained cyberattack in which intruders remain undetected within a system for extended periods. Such groups are often highly organized and may receive state-level support.
Zhou described the Taiwanese hackers as technically unsophisticated but extremely active. He further characterized their methods as crude and frequently copied from other sources, contrasting them with the cyber capabilities of the United States, which he labeled as “elite adversaries.”
360 Security Technology has previously accused the U.S. of orchestrating global cyber-espionage campaigns—allegations that led to the company being sanctioned by both the U.S. Department of Commerce and the Department of Defense.
Attribution in cyberattacks remains a politically sensitive issue, often sparking fierce debate. At the time of publication, Taiwan had not commented on the latest allegations, though it has previously denied similar claims made by Beijing.
Since 2017, following the establishment of Taiwan’s Information, Communications and Electronic Force Command (ICEFCOM), Beijing has repeatedly accused the island of cyber espionage. In March, Chinese authorities publicly named four military officers allegedly involved in attacks—an act which Taipei condemned as intimidation and disinformation.
This latest accusation surfaced shortly after Taiwanese President William Lai delivered an address marking the anniversary of his leadership on May 20, reaffirming the island’s commitment to security and industrial defense.
Beijing views Lai and the DPP as proponents of Taiwanese independence and has dismissed his calls for dialogue. In response, Taipei has consistently accused China of conducting cyberattacks against its government institutions—particularly during elections and moments of heightened tension. According to Taiwanese authorities, the number of such attacks in 2024 reached an average of 2.4 million per day.