Shadow Wars in Cyberspace: Taiwan's Battle Against China's Rising Cyber Aggression

In 2024, China's cyber-operations groups ramped up attacks on Taiwanese organizations, including government agencies, telecom companies, and transportation sectors, using phishing emails and zero-day exploits. Attack volumes surged, with Taiwan experiencing over 2.4 million daily attempts on average—double the 2023 daily average of 1.2 million—according to Taiwan's National Security Bureau (NSB). The majority of these attacks targeted government systems, while attacks on the telecom sector also saw a dramatic sixfold increase, according to the NSB's annual report.

"China has escalated its cyberattacks against Taiwan," the NSB report stated, citing the use of varied hacking techniques such as reconnaissance, cyber ambushes, and data theft aimed at government systems, critical infrastructure, and key private enterprises.

China’s cyber operations have grown increasingly aggressive, extending beyond espionage to target critical sectors globally. Chinese state-backed groups have infiltrated US telecom networks, stolen sensitive data from Southeast Asia and Africa, and used SMS phishing to target individuals in India. Despite these advancements, countering China's actions in cyberspace remains challenging. Jon Clay, Trend Micro's vice president of threat intelligence, emphasizes that without stronger measures from nation-states, the pace of attacks will not decline. Organizations need to prepare for such threats, especially as nation-state attacks become more frequent and sophisticated.

Rising Successful Attacks

Taiwan faced 906 successful cyberattacks in 2024, a 20% increase from the previous year. Government systems were the primary targets, accounting for over 80% of these incidents, followed by attacks on telecommunications firms.

A report by the NSB highlighted a spike in attacks during the summer of 2024, with double the number of incidents compared to 2023. Michael Freeman, head of threat intelligence at Armis, noted that China’s focus on the telecom industry aligns with its strategy of controlling information flow, which can facilitate spying, blackmail, and other strategic advantages.

In the US, Chinese groups may have gained access to federal wiretapping systems, potentially exposing data on individuals under espionage investigations. Taiwan itself prosecuted 64 individuals for espionage in 2024, up from 48 in 2023, the NSB stated.

Regional Cyber Threat Escalation

Cyber threats in the Asia-Pacific region are on the rise, with Chinese cybercriminal groups increasingly targeting neighboring nations. These groups have also been linked to "pig butchering" scams, where citizens are coerced into online fraud schemes.

Geopolitical tensions, including the incoming Trump administration’s proposed tariffs on Chinese goods, are likely to exacerbate the situation. Additionally, China’s policy requiring researchers to report vulnerabilities to the government may have enabled state-sponsored groups to stockpile exploits. Trend Micro’s Jon Clay sees this as a broader effort to gain political, military, and economic advantages through sensitive information acquisition.

Defensive Strategies

Michael Freeman suggests that businesses in the region adopt advanced cybersecurity measures to detect and slow sophisticated attacks. He highlights deceptive technologies that create fake assets within networks as a useful defense. These not only detect malicious activity but also deter attackers by creating uncertainty about the scale and scope of the deception.

"As attackers realize deception is in play, they proceed more cautiously, which slows their progress and disadvantages them," Freeman explained. In light of increasing cyberattacks in the Asia-Pacific region, delaying attackers and raising their operational costs is a meaningful victory.