Chinese state-linked cyber operations against Taiwan critical infrastructure surged again in 2025, underlining how Beijing is waging a long‑term hybrid campaign to coerce a democratic neighbour it claims as its own. This escalation is not “normal” espionage; it is strategic pressure designed to make Taiwanese society feel permanently vulnerable while giving China options to disrupt the island in a crisis.
Taiwan’s National Security Bureau says Chinese cyberattacks on its critical infrastructure averaged 2.63 million incidents per day in 2025, up 6% from 2024 and 113% from 2023, indicating a sustained, industrial‑scale campaign rather than background noise. The sharpest increases hit the energy sector, where attack volumes reportedly surged by up to 1,000%, and emergency services and hospitals, which suffered at least 20 ransomware incidents in 2025. These numbers mostly represent attempted intrusions, not confirmed breaches, and the NSB has not disclosed how many led to successful compromises or major outages. That lack of transparency itself is concerning because it magnifies psychological pressure while obscuring the true operational impact on Taiwan’s civilian systems, as per Reuters.
Taiwan’s National Security Bureau (NSB) reports that Chinese cyberattacks closely track Beijing’s military and political pressure on the island. Out of 40 PLA “joint combat readiness patrols” around Taiwan, cyber activity spiked during 23, linking digital operations with aircraft and naval incursions. Attacks also intensified around key democratic milestones, including President Lai Ching‑te’s first‑year‑in‑office speech in May 2025 and Vice President Hsiao Bi‑khim’s address to the European Parliament in November. This pattern reveals a deliberate hybrid warfare strategy: using cyber tools alongside drills and propaganda to punish political expression, intimidate Taiwan’s electorate, and warn foreign partners that visible support for Taipei will be met with coercive retaliation.
Civilian infrastructure under fire
Taiwan’s National Security Bureau highlights that Chinese cyber targeting of hospitals, energy, emergency services, and telecoms directly endangers civilians by risking treatment delays, power or logistics disruption, and communications sabotage. Ransomware against hospitals threatens patient safety and sensitive data, while intensified attacks on energy and emergency systems could cripple disaster response if successful. Telecommunications networks face man‑in‑the‑middle and infrastructure‑probing operations that facilitate espionage and potential shutdowns. Although Beijing denies involvement, the scale, target selection, and synchronization with PLA activities indicate a coordinated state strategy, not isolated hackers.
Taiwan’s NSB warns that Chinese cyber operations against its semiconductor ecosystem amount to economic warfare, not just disruption attempts. Science parks hosting TSMC and key suppliers are prime espionage targets, with attackers seeking to steal advanced technologies and intellectual property from chipmakers and high‑tech firms. These incursions are intended to boost China’s technological self‑reliance and improve its position in the U.S. China tech rivalry while weaponising Taiwan’s central role in global supply chains to gain leverage over governments and corporations dependent on its chips.
Tactics used and the response they demand
Taiwanese reports identify four Chinese cyber tactics: vulnerability exploitation, DDoS attacks disrupting services, social engineering via phishing, and supply chain compromises. These align with Taiwan’s Phase Seven Cyber Security Program (2025–2028), which bolsters infrastructure resilience, grows its cybersecurity sector, and fosters public-private cooperation amid active 2026 defense tenders.
India bolsters Taiwan’s cyber defenses through QUAD cybersecurity pacts and indigenous tech like DRDO’s AI threat detectors, showcasing democratic resilience against coercion. China, conversely, deploys state-orchestrated 2.63M daily attacks ransomware on hospitals, DDoS on energy grids, IP theft from TSMC synced with PLA patrols, recklessly endangering civilians in a desperate hybrid war to subjugate its neighbor.
Yet these measures are only part of what is required. Chinese cyberattacks on Taiwan are not isolated crimes; they are a deliberate, state‑directed assault on a neighbouring democracy’s hospitals, energy grid, and technology base, conducted in parallel with air and naval intimidation. The pattern described in recent reporting is a warning: unless Beijing faces coordinated diplomatic, economic, and technological pushback for this behaviour, hybrid attacks on Taiwan and by extension on the wider rules‑based order will continue to escalate.
Leave a Reply