
Analysis on China's Cyberattack Techniques in 2024
ROC National Security Bureau (NSB)
2025-01-05
The PRC cyber force has repeatedly broken into the cyberspace of the Republic of China (Taiwan) to steal data and conduct intrusions, and its techniques have become increasingly sophisticated. To help the general public be aware of the trend of cyber threats posed by China, the NSB has compiled the report titled "Analysis on China's Cyberattack Techniques in 2024."
In terms of trends and developments, according to the Indicators of Compromise from Taiwan's Government Service Network (GSN), the GSN received a daily average of 2.4 million cyberattacks in 2024, double the daily average of 1.2 million attacks in 2023. Most of the attacks are attributed to the PRC cyber force. Although many of those attacks have been effectively detected and blocked, the growing number of attacks highlights the increasingly severe nature of China's hacking activities. In 2024, the national intelligence community of the ROC reported a total of 906 cases of cyberattacks against Taiwan's government agencies and private sector, an increase of more than 20% compared with 752 cases in 2023. Among all those cases, attacks on government agencies account for the highest proportion, above 80%. In addition, an analysis of the targets of cyberattacks conducted by the PRC cyber force shows that attacks on the communications field, mainly the telecommunications industry, have grown by 650%, and attacks on the fields of transportation and the defense supply chain have grown by 70% and 57%, respectively. Attacks on these three fields have the most significant growth rates, showing that they are the key areas China has chosen as targets of cyberattacks.
In terms of cyberattack techniques, the PRC cyber force targets the vulnerabilities of Netcom devices used in Taiwanese government agencies to set up ambushes and steal confidential information. On top of that, it makes use of techniques such as living off the land to evade detection by network defense systems. China targets Taiwanese civil servants' emails and launches cyberattacks, such as social engineering, attempting to steal confidential information. In addition, the PRC cyber force has employed diverse techniques to infiltrate and steal data from Taiwan's defense supply chain and ISPs. The techniques applied consist of advanced persistent threats, phishing emails, as well as the use of zero-day vulnerabilities, Trojans, and backdoors. Such maneuvers aim to infiltrate and compromise Taiwan's critical infrastructure (CI) systems, such as those for highways and ports, and to disrupt Taiwan's transportation and logistics.
The PRC cyber force carries out DDoS attacks on Taiwan's transportation and financial sectors when the PLA conducts military drills against Taiwan, intending to intensify the harassment effect and military intimidation. It is worth noting that, with support from private collaborative organizations, the PRC cyber force also conducts cyberattacks against Taiwan's manufacturers by utilizing ransomware or other cybercrime techniques. Additionally, China targets high-tech startups worldwide to steal patented technologies, attempting to obtain economic benefits. The PRC cyber force also steals the personal data of Taiwanese nationals and sells that data on the dark web and hacker forums. Such moves aim to reap profits through Hack & Leak techniques. Moreover, they voice criticism of Taiwan's cybersecurity shortcomings on social media forums to undermine the prestige and credibility of the Taiwanese government.
China has continued to intensify its cyberattacks against Taiwan. By applying diverse hacking techniques, China has conducted reconnaissance, set cyber ambushes, and stolen data through hacking operations targeting Taiwan's government, CI, and key private enterprises. Making use of a joint ICT security defense mechanism, the Taiwanese government has ensured that early-warning threat intelligence is gathered from a wide range of intelligence sources, shared with the competent authorities within the government, and acted on in real time. The NSB urges all nationals to prioritize cybersecurity and remain vigilant against cyber threats posed by China, so that we can jointly safeguard the comprehensive cybersecurity of Taiwan.
For more information, please refer to "Analysis on China's Cyberattack Techniques in 2024."
Secretariat
National Security Bureau
Republic of China (Taiwan)
January 4, 2025