
Chinese state authorities have issued an unexpectedly harsh accusation against Taiwan, alleging that for several years, the island has conducted what they describe as a “ludicrous and inept” cyber campaign targeting mainland China. According to a report released Thursday by China’s National Computer Virus Emergency Response Center, the attacks are purportedly orchestrated by Taiwan’s Information and Electronic Warfare Command (ICEFCOM), allegedly backed by the United States.
The report, titled “Operation Futile: Investigation report on Cyberattacks launched by ICEFCOM of Taiwan and its affiliated APT actors”, asserts that these actors have for years attempted—and failed—to undermine the infrastructure of the People’s Republic of China. The authors liken these efforts to “an ant trying to shake a tree.”
ICEFCOM was established by Taiwan in 2017 following the Democratic Progressive Party’s (DPP) electoral victory in 2016. The report claims that its formation occurred with U.S. assistance, suggesting that Washington interfered in the democratic process and fostered an illusion of support for Taiwanese independence. Beijing continues to propagate the narrative that the majority of Taiwanese citizens allegedly favor reunification with the mainland, and that the DPP’s rise to power is the result of foreign meddling.
The report names five APT groups purportedly operating under the aegis of ICEFCOM:
- APT-C-01 (Poison Vine)
- APT-C-62 (Viola Tricolor)
- APT-C-64 (Anonymous 64)
- APT-C-65 (Neon Pothos)
- APT-C-67 (Ursa)
Among them, APT-C-01 and APT-C-62 are described as employing similar tactics—phishing, deployment of malware, and data exfiltration from governmental and academic institutions. APT-C-64, active since 2006 according to Chinese sources, is allegedly linked to historical figures from Taiwan’s independence movement. Its main objectives reportedly include the defacement of websites, digital signage, and television broadcasts to disseminate “unlawful content,” though the report concedes the limited efficacy of these operations.
APT-C-65 is said to focus on surveillance of critical infrastructure during key negotiations between the United States and Taiwan. Meanwhile, APT-C-67 allegedly targets video surveillance systems, aiming to implant malicious code and harvest geospatial data.
Chinese analysts underscore that these groups lack access to zero-day vulnerabilities and instead rely heavily on publicly known exploits. The report highlights their frequent use of open-source tools, trojans, penetration testing frameworks, and other widely accessible resources. The authors stress that the groups appear incapable of developing original tools or attack techniques, and that their phishing documents and spoofed web pages are riddled with basic errors, facilitating easy attribution.
In the authors’ view, the technical clumsiness displayed by ICEFCOM and the DPP “serves only to soothe their illusions of independence.” The report concludes with a stark warning: “Should they fail to retreat in time, they shall reap the whirlwind.”
The document was jointly produced by the Engineering Solutions Laboratory for Computer Virus Prevention and the 360 Digital Security Group—entities that have previously issued similar accusations, including claims that the United States staged cyberattacks against itself to malign China. Such narratives frequently resonate with domestic audiences, reinforcing the state’s official version of events.