**Chinese Authorities Accuse Taiwan-Backed Hackers of Targeting Critical Infrastructure**
Chinese state media reports that authorities in Guangzhou have accused a hacker group allegedly backed by Taiwan’s ruling Democratic Progressive Party (DPP) of conducting a large-scale cyberattack campaign against sensitive infrastructure across mainland China. The group is said to have targeted over 1,000 key networks in more than 10 provinces, including military, energy, transportation, and government systems.
The attacks, described as "malicious sabotage" aimed at undermining China’s security, involved espionage efforts using low-sophistication tactics such as phishing emails, exploitation of known software vulnerabilities, and brute-force password attacks. Authorities noted that the group’s activity had surged over the past year, employing poorly coded, self-developed Trojans that left digital traces enabling tracking. Attackers attempted to obscure their origin by routing operations through VPNs, foreign cloud services, and compromised devices in multiple countries.
While Beijing did not name the targeted technology company or the hacker group, it stated that the group had been active for years and was under close monitoring by Chinese cybersecurity agencies. Taiwan’s National Security Bureau denied the allegations, accusing China of spreading disinformation and deflecting blame. The bureau countered that Beijing has long engaged in cyberattacks against Taiwan, including data theft, disinformation campaigns, and cognitive warfare.
The accusations reflect the ongoing cyber tensions between China and Taiwan, with both sides routinely accusing each other of malicious cyber operations. In March, Chinese authorities named four individuals allegedly linked to Taiwan’s military in connection with cyberattacks and espionage. The public attribution of foreign hackers marks a notable shift in China’s cybersecurity strategy, aligning with practices more commonly seen among Western firms.
Source: https://therecord.media/china-accuses-taiwan-linked-group-of-cyberattacks
Democratic Progressive Party, Taiwan cybersecurity rating report: https://www.rankiteo.com/company/democratic-progressive-party-taiwan
"id": "DEM1766550830",
"linkid": "democratic-progressive-party-taiwan",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"{'affected_entities': [{'industry': ['Technology',
'Government',
'Military',
'Energy',
'Transportation'],
'location': 'China (over 10 provinces)',
'type': 'Technology company, Government, Military, '
'Energy, Transportation'}],
'attack_vector': ['Phishing emails',
'Exploitation of known software vulnerabilities',
'Brute-force password attacks',
'VPNs',
'Foreign cloud services',
'Compromised devices'],
'data_breach': {'sensitivity_of_data': 'Sensitive infrastructure data'},
'description': 'Chinese authorities have accused a hacker group allegedly '
'backed by Taiwan of carrying out a cyberattack on a local '
'technology company and targeting sensitive infrastructure '
'across the mainland. The group is linked to Taiwan’s ruling '
'Democratic Progressive Party (DPP) and has targeted over '
'1,000 key networks in more than 10 Chinese provinces, '
'including military, energy, transportation, and government '
'systems. The campaign involved espionage, phishing emails, '
'exploitation of known vulnerabilities, and brute-force '
'attacks.',
'impact': {'operational_impact': 'Malicious sabotage aimed at undermining '
'China’s security',
'systems_affected': ['Military systems',
'Energy systems',
'Transportation systems',
'Government systems']},
'initial_access_broker': {'high_value_targets': ['Military systems',
'Energy systems',
'Transportation systems',
'Government systems']},
'investigation_status': 'Ongoing',
'motivation': ['Espionage', 'Undermining China’s security', 'Sabotage'],
'post_incident_analysis': {'root_causes': ['Poorly-coded Trojan programs',
'Use of VPNs and foreign cloud '
'services to obscure origin',
'Exploitation of known '
'vulnerabilities']},
'references': [{'source': 'State media report, Guangzhou police'},
{'source': 'Reuters (Taiwan National Security Bureau '
'statement)'}],
'response': {'enhanced_monitoring': 'Chinese cybersecurity agencies '
'monitoring the group',
'law_enforcement_notified': 'Chinese cybersecurity agencies'},
'threat_actor': 'Alleged Taiwan-backed hacker group linked to Democratic '
'Progressive Party (DPP)',
'title': 'Chinese Authorities Accuse Taiwan-Backed Hacker Group of '
'Cyberattacks on Sensitive Infrastructure',
'type': 'Cyber Espionage, Sabotage',
'vulnerability_exploited': 'Known software vulnerabilities'}