News Roundup: April 2025
Strategic perspective on the threats, trends, and policies shaping Taiwan’s cybersecurity landscape
CYBERSEC 2025 Signals Strategic Elevation of National Cyber Defense
Taiwan’s CYBERSEC 2025 conference highlighted the country’s ambition to position cybersecurity as a central pillar of national security and innovation. President Lai Ching-te’s keynote framed cybersecurity as Taiwan’s “first line of defense” in a new era of gray-zone confrontation. He pledged to increase cybersecurity spending by 20 percent over the next fiscal year and to bolster the talent pipeline with a national scholarship program for cyber professionals. The event also emphasized the private sector's role, with top companies like CyCraft and TeamT5 showcasing AI-enhanced threat detection tools. Panels addressed operational coordination between Taiwan’s National Institute of Cyber Security and military intelligence units, suggesting a slow but steady convergence of civil and defense cyber postures.
Policy Recommendation: Legislators should codify a multi-year cyber modernization plan, including mandated funding increases tied to GDP and clear benchmarks for defense sector integration. Additionally, the Ministry of Digital Affairs should publish annual public-facing metrics to track the impact of President Lai’s initiatives across national, private, and defense sectors.
Look back at CYBERSEC 2024.
Taiwanese Authorities Link Chinese Hacker to Hospital Ransomware Attacks
Taiwanese police identified a Chinese national as the suspected hacker behind a February 2024 breach of the Taipei City Hospital network. The intrusion exposed over 100,000 patient records and temporarily disabled key systems, including appointment scheduling and medical imaging access. Forensic analysis traced the attack to an IP range linked to a known Chinese advanced persistent threat group, confirming Taiwan's continued vulnerability to cross-border cyber operations targeting civilian infrastructure. Authorities noted the attack's surgical precision and data exfiltration methods bore hallmarks of espionage-oriented campaigns rather than ransomware.
Policy Recommendation: Taiwan’s Ministry of Health and Welfare should require third-party red teaming and threat modeling for all Tier 1 hospital networks by Q2 2026. Additionally, it should work with the Ministry of Digital Affairs to standardize cyber incident reporting formats across healthcare facilities to improve detection and response speed.
Taiwan Plans New Joint Cybersecurity Center to Bolster Threat Coordination
Taiwan’s Executive Yuan approved the creation of a Joint Cybersecurity Center to improve intelligence-sharing and response coordination across national, military, and private networks. The new facility, expected to be operational in 2026, will function as a command hub for cyber incident triage and countermeasure deployment. Officials said it will house representatives from the Ministry of Digital Affairs, National Security Bureau, and key telecom and tech firms. The announcement follows a 27 percent year-over-year increase in high-severity cyber incidents, with state-backed campaigns accounting for over 60 percent of them.
Policy Recommendation: To ensure institutional buy-in and transparency, the Executive Yuan should task the new center with publishing anonymized monthly incident trend summaries, while embedding public-private exchange officers to build reciprocal trust and accelerate incident escalation across sectors.
Read about the Joint Advisory on Spyware Targeting Taiwan.
China Expands Cyber Name-and-Shame Tactics Targeting Taiwan and the United States
Beijing has escalated its cyber diplomacy campaign by publicly accusing Taiwan and the United States of hacking Chinese critical infrastructure without presenting clear evidence. The tactic aims to blur attribution lines and erode the moral high ground Taiwan has maintained through responsible disclosure. China’s narrative attempts to cast Taiwan as a Western proxy engaged in offensive cyber activities, mirroring its disinformation playbook used during past election interference efforts. Analysts warn that this rhetoric may lay the groundwork for justifying future retaliatory cyberattacks.
Policy Recommendation: Taiwan should instruct its Ministry of Foreign Affairs and cybersecurity agencies to produce a unified, multilingual white paper clarifying its defensive cyber doctrine. This should include detailed examples of how Taiwan adheres to international norms and regularly cooperates with foreign governments on shared attribution and responsible disclosure.
Taiwan’s U.S. Representative Reframes Cybersecurity as Democratic Frontline
The University of Washington’s Taiwan Studies Program hosted Taiwan Ambassador Alexander Tah-Ray Yui for a public dialogue that emphasized Taiwan’s cybersecurity strategy as a defense of democratic values. Speaking alongside Professor James Lin, Yui highlighted that Taiwan is not only a semiconductor powerhouse but also a key bulwark against authoritarian influence in cyberspace. He argued that Taiwan’s cyber resilience is intertwined with global democratic stability, particularly as malign foreign actors exploit open information environments to undermine societal trust. The framing aligns Taiwan’s cybersecurity investments with soft power diplomacy and seeks to reframe cyber policy as central to geopolitical identity rather than only technical infrastructure.
Policy Recommendation: TECRO should establish a regular cybersecurity and digital democracy dialogue series with U.S. universities and think tanks. These sessions can amplify Taiwan’s global positioning and serve as a strategic counter-narrative to Chinese disinformation that portrays Taiwan as a technology asset divorced from values-based governance.
2025 Consensus Camp Reinforces Taiwan’s Cyber Defense Cohesion
Cybersecurity leaders from 50 government agencies convened at the annual 2025 Consensus Camp to stress-test Taiwan’s incident response framework. Exercises simulated coordinated attacks on transportation, utilities, and health sectors, with new protocols introduced for faster escalation to the National Institute of Cyber Security. Officials emphasized horizontal integration between agencies rather than siloed defense, citing delays in interagency alerts as a persistent gap. The camp also launched a pilot program that assigns liaison officers from MODA to high-risk agencies for real-time coordination.
Policy Recommendation: MODA should formalize the liaison officer program with clear authority and performance metrics, including average response time reduction and incident containment speed. A centralized digital log of cross-agency exercises should be established to track improvements in coordination over time.
Read about Taiwan’s Cyber Resilience in the Semiconductor Supply Chain.
Earth Kasha Adapts Attack Methods in Targeted Campaigns Against Taiwan and Japan
A Trend Micro analysis revealed that Earth Kasha, a known Chinese threat group, has upgraded its tactics in its latest cyber campaigns against Taiwan and Japan. The group has shifted from spearphishing to side-loading malware via trojanized installers of legitimate software, making detection significantly more difficult. The campaign also employed beaconing mechanisms designed to evade sandbox analysis, as well as payloads targeting endpoints in the government and semiconductor sectors. Taiwan’s CERT noted the operation displayed timing and targeting precision indicative of both espionage and pre-positioning for broader infrastructure disruption.
Policy Recommendation: Taiwan’s NICS should issue a joint technical alert with Japan’s JPCERT on Earth Kasha’s updated TTPs and create a shared repository of indicators of compromise for regional partners. Semiconductor sector vendors should be required to conduct security reviews of all third-party software bundles used in internal workflows.
Administration for Cyber Security, MODA: March 2025 Monthly Report (Released in April 2025)
The Administration for Cyber Security (ACS) of the Ministry of Digital Affairs (MODA) reported a 34% increase in phishing attacks in March 2025 compared to the same month last year, with a notable rise in AI-generated deepfakes used in social engineering. Government networks saw 2.3 million attempted intrusions daily, and private sector reports showed a doubling of credential-stuffing campaigns targeting financial and telecom providers. A concerning trend was the use of AI tools to bypass email gateway filters, allowing impersonation of internal government officials in 17 separate incidents. MODA’s report included detailed heatmaps of attack origin by sector, with energy and healthcare registering the most targeted endpoints.
Policy Recommendation: MODA should mandate monthly submission of AI-borne attack telemetry data from all critical infrastructure providers. This data should feed into a new real-time alert dashboard accessible to all government agencies and vetted private partners to speed countermeasure deployment and cross-sector awareness.
Read the full report here.
India and Taiwan Explore Strategic Quantum Technology Cooperation
India and Taiwan have initiated exploratory discussions on bilateral cooperation in quantum computing, with early emphasis on cryptography and secure communications. The Observer Research Foundation report outlines how both democracies face similar challenges from cyber-enabled espionage and have complementary capabilities. Taiwan’s advanced chip manufacturing and India’s growing investment in quantum research make them ideal partners to develop indigenous post-quantum encryption standards. The dialogue also includes interest in jointly mitigating quantum-enabled surveillance risks from authoritarian regimes. Notably, Taiwan is assessing quantum-resistant algorithms for its next-generation critical infrastructure networks.
Policy Recommendation: Taiwan’s Ministry of Digital Affairs and India’s Ministry of Electronics and IT should formalize a joint quantum security working group. This group should prioritize co-developing open-source post-quantum cryptographic protocols for adoption in both countries’ government cloud systems.
TeamT5 CEO Warns of Expanding Chinese Cyber Threat Capabilities
In a CYBERSEC 2025 interview, TeamT5 CEO Tsai Sung-ting emphasized that China’s state-backed and criminal cyber actors remain Taiwan’s most persistent and dangerous threat. He highlighted a clear strategic shift in Chinese operations toward deep infiltration of critical infrastructure, particularly energy, telecom, and military networks. The purpose is not only data exfiltration but long-term positioning for potential disruption. Tsai warned that most Taiwanese organizations still prioritize basic defenses without sufficient investment in adversary-specific intelligence. He urged public and private sector leaders to elevate threat intelligence capabilities and tailor defenses based on actual threat actor behavior.
Policy Recommendation: Taiwan’s Executive Yuan should establish a national threat intelligence fusion center with operational support from private sector firms like TeamT5. This center must integrate behavioral profiling of PRC threat actors and distribute strategic threat models to critical sector CISOs on a quarterly basis.
PRC Hints at Cyber Retaliation Against U.S. Over Taiwan Support
According to the Institute for the Study of War, unnamed U.S. officials reported that PRC cyber officials privately suggested cyberattacks on U.S. infrastructure were retaliation for American military support to Taiwan. These signals, made at a Geneva summit, were linked to Volt Typhoon, a PLA-affiliated hacking group that had penetrated American critical infrastructure for at least two years undetected. U.S. agencies assessed with high confidence that Volt Typhoon was preparing to disrupt U.S.-Asia communications infrastructure, with Microsoft adding that Guam’s vulnerability could hinder military deployments. The PRC’s denial strategy, deflecting blame or attributing actions to criminals, mirrors previous disinformation tactics.
Policy Recommendation: Taiwan should use this intelligence to prepare joint contingency planning with the United States for simultaneous infrastructure disruptions in Guam, Taiwan, and mainland U.S. A tri-nation wargaming initiative involving Taiwan, Japan, and the U.S. should be hosted by NICS and PACOM to simulate coordinated cyberattack scenarios.
Audrey Tang Defines Digital Resilience as Core to Taiwan’s Democratic Survival
In a wide-ranging podcast interview, Ambassador-at-Large Audrey Tang articulated Taiwan’s approach to digital resilience as a fusion of cybersecurity, open data governance, and participatory civic technology. She emphasized that resilience is not merely infrastructure durability but society’s capacity to resist cognitive warfare, especially from Chinese disinformation. Tang discussed initiatives like “pre-bunking” instead of debunking, media competence over media literacy, and the deployment of AI to support pluralistic dialogue instead of surveillance. Tang also highlighted Taiwan’s radical transparency practices, including real-time civic participation platforms like vTaiwan, and stated her goal is to align AI development with augmented collective intelligence rather than central control.
Policy Recommendation: Taiwan’s Ministry of Digital Affairs should launch a global “Democracy Tech Exchange” to formalize peer-learning with other democratic digital ministries. This forum should focus on replicating civic tech models like vTaiwan and integrating resilience metrics, including information integrity baselines and societal trust indicators, into national security assessments.
Listen to the entire podcast interview here.
CyberSec Taiwan