News Roundup: January 2025
Bite-sized news and updates on the latest in Taiwan cybersecurity
Flax Typhoon's Operations Highlight Persistent Cyber Threats to Taiwan and Global Infrastructure
January 3, 2025
The U.S. Treasury Department’s recent sanctions against Beijing-based Integrity Technology Group underscore the escalating cybersecurity threat posed by Chinese state-sponsored hacking groups, particularly Flax Typhoon. Active since at least 2021, Flax Typhoon has targeted critical infrastructure across North America, Europe, Africa, and Asia, with a notable focus on Taiwan. Leveraging publicly known vulnerabilities, the group employs remote access tools to maintain persistent network control, exposing sensitive data and undermining national security systems. Taiwan’s prominence as a technological hub, especially in semiconductors and defense-related industries, makes it a prime target for Chinese cyber-espionage activities. The group's consistent targeting of Taiwan, alongside U.S. and European entities, reflects a strategic effort to exploit both governmental and private sector networks for intelligence gathering and potential operational disruption. Despite international efforts, such as the FBI's takedown of a 200,000-device malware network used by Flax Typhoon, the group’s resilience and adaptability highlight significant gaps in collective cyber defense measures, particularly concerning Taiwan’s critical digital infrastructure.
Policy Recommendation:
International cybersecurity collaborations should focus on enhancing Taiwan’s threat detection and response capabilities by deepening its integration with global threat intelligence networks like the Asia Pacific Computer Emergency Response Team (APCERT) and expanding joint cyber defense exercises through platforms such as the Global Forum on Cyber Expertise (GFCE). Strengthening public-private partnerships modeled after initiatives like the MITRE ATT&CK framework will further bolster Taiwan’s resilience against state-sponsored cyber threats while contributing to regional and global digital security.
China’s Expanding Disinformation Campaigns Target Taiwan’s Democratic Resilience
January 3, 2025

In 2024, Taiwan faced an alarming escalation in disinformation campaigns orchestrated by China, with the National Security Bureau (NSB) reporting 2.159 million instances, a 60% surge from 2023. This growth reflects a strategic evolution in China’s cognitive warfare tactics, leveraging platforms like Facebook, TikTok, X (formerly Twitter), and forums to influence Taiwanese public opinion, particularly targeting younger demographics. The proliferation of inauthentic accounts (28,216 identified in 2024) and the use of AI-generated content, including deepfake videos of political figures, underscore the increasing sophistication of these operations. Notably, China employs stolen social media accounts, proxy media outlets, and convergence media brands to amplify disinformation, often coordinated with state-linked entities like the Global Times and Chinese Ministry of Foreign Affairs. These campaigns aim to erode trust in Taiwan’s democratic institutions, manipulate perceptions of Taiwan-U.S. relations, and sow societal divisions. The rise in disinformation coinciding with military exercises and diplomatic tensions suggests an integrated hybrid strategy blending psychological operations with traditional geopolitical pressure.
Policy Recommendation:
Taiwan could strengthen its disinformation response by establishing a National Disinformation Response Center (NDRC) for real-time monitoring and countermeasures, similar to the EU’s East StratCom Task Force. AI-driven detection tools should be developed in collaboration with local cybersecurity firms to identify deepfakes and bot activity. Stronger regulatory measures, modeled after the EU’s Digital Services Act, should require transparency from platforms like Facebook and TikTok on foreign-funded disinformation. Expanding international partnerships through the Global Cooperation and Training Framework (GCTF) and NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) would enhance intelligence sharing. Additionally, nationwide media literacy programs and legal reforms targeting foreign-sponsored disinformation, however difficult, would boost resilience and deter malicious actors.
Taiwan’s Undersea Cable Vulnerabilities are a Growing Cybersecurity Threat
January 5, 2025
The recent severing of a submarine cable near Keelung Harbor, linked to the suspicious activity of the Chinese-associated vessel Shunxin-39, underscores a critical cybersecurity risk for Taiwan. While physical in nature, these incidents have profound implications for Taiwan’s information security, given that 99% of its internet traffic relies on undersea cables. Such disruptions not only threaten connectivity but also expose Taiwan’s data transmission channels to potential interception or manipulation. Deliberate cable cuts could be part of a broader cyber-physical strategy by China, aiming to degrade Taiwan’s resilience in hybrid warfare scenarios by crippling communication networks during critical periods, including elections or military tensions. Moreover, repeated cable damage offers hostile actors insights into Taiwan’s incident response timelines, repair protocols, and network redundancies, potentially informing future cyber operations targeting critical infrastructure.
Policy Recommendation:
Taiwan should integrate submarine cable security into its national cybersecurity strategy, treating these physical assets as extensions of its digital infrastructure. Establishing a cyber-kinetic threat fusion center, much like the National Cybersecurity and Communications Integration Center (NCCIC), combining maritime surveillance data with cybersecurity intelligence, can enhance real-time threat detection and response coordination. Additionally, Taiwan should invest in quantum encryption technologies for undersea data transmissions to mitigate risks of interception during cable disruptions. Expanding satellite-based internet redundancies, such as partnerships with OneWeb, will ensure continuity of government and critical services in the event of large-scale cable outages. Furthermore, Taiwan should seek active membership in the Maritime Cybersecurity Information Sharing and Analysis Center (Maritime ISAC) to strengthen its maritime cybersecurity posture through global intelligence sharing, collaborative threat analysis, and coordinated responses to emerging threats.
China's Intensified Cyber Operations Against Taiwan Signal Escalating Cyber Threat Landscape
January 5, 2025

In 2024, Taiwan’s National Security Bureau (NSB) reported an unprecedented surge in cyberattacks originating from China, with Taiwan’s Government Service Network (GSN) experiencing an average of 2.4 million daily attacks, double the volume from 2023. These attacks, largely attributed to Chinese state-sponsored actors, reflect a strategic shift towards targeting critical infrastructure sectors, including telecommunications (650% increase), transportation (70%), and the defense supply chain (57%). The escalation coincides with heightened geopolitical tensions and Chinese military drills, suggesting coordinated hybrid warfare tactics. Chinese cyber forces are employing increasingly sophisticated techniques, including the exploitation of Netcom device vulnerabilities, Living-off-the-Land (LotL) strategies to evade detection, and advanced persistent threats (APTs) leveraging zero-day vulnerabilities, phishing, and backdoor implants. Notably, cyberattacks often synchronize with PLA military exercises to amplify psychological and operational pressure on Taiwan, disrupting key sectors like finance and logistics. Beyond espionage, operations extend to ransomware targeting Taiwanese manufacturers, theft of intellectual property from startups, and data breaches aimed at undermining public trust in the Taiwanese government.
Policy Recommendation:
Taiwan should enhance real-time intelligence sharing through frameworks like the APEC Cybersecurity Capacity Building Network and expand joint cyber defense exercises with partners such as Israel’s National Cyber Directorate, leveraging their expertise in critical infrastructure protection. Additionally, investing in AI-driven threat detection technologies and fostering stronger public-private collaboration, modeled after the EU’s Network and Information Security (NIS) Directive, will be key to strengthening Taiwan’s cyber resilience against China’s evolving cyber threats.
Taiwan Bans DeepSeek AI Over National Security Concerns
January 31, 2025
Taiwan has officially banned the use of Chinese-developed AI services from DeepSeek across all government agencies, state-owned enterprises, public schools, and critical infrastructure projects, citing significant national security risks. The Ministry of Digital Affairs (MODA) emphasized concerns about data leakage to Chinese authorities, as DeepSeek’s data storage and privacy policies align with Chinese regulations that mandate data sharing with state intelligence agencies. This move aligns with Taiwan's broader strategy of restricting Chinese technology, including telecom equipment and software, due to espionage and cybersecurity threats. The ban reflects heightened vigilance amid rising geopolitical tensions, as DeepSeek's AI capabilities, combined with potential vulnerabilities in data security, pose risks of unauthorized surveillance, intellectual property theft, and exploitation of sensitive government data. Taiwan’s decision mirrors global trends, with several countries initiating investigations or imposing similar restrictions on DeepSeek due to its opaque data practices.
Policy Recommendation:
Taiwan should complement the DeepSeek ban with a comprehensive AI security framework that mandates rigorous supply chain risk assessments for all AI technologies used in public and critical infrastructure sectors. Establishing a dedicated AI security task force within MODA to continuously monitor foreign AI platforms for data security vulnerabilities, combined with mandatory AI audits and certifications, can preempt emerging threats. Taiwan could also collaborate with international partners through the OECD’s AI Principles to develop shared standards for AI governance, fostering global cooperation against technology-enabled espionage.
Other News
Taiwan Cultivates Cyber Talent at Global Cybersecurity Camp 2025
Taiwan is actively participating in the Global Cybersecurity Camp (GCC) 2025, where top students worldwide gather for intensive training in areas like threat modeling, OT security, and kernel exploitation. This initiative enhances Taiwan’s cybersecurity talent while fostering global collaboration to tackle emerging cyber threats.
MediaTek Partners with Exein to Boost IoT Security in Taiwan
Taiwan’s MediaTek has partnered with Italian cybersecurity firm Exein to embed advanced security features into its Genio IoT platform, enhancing protection for over 3 billion devices globally. This collaboration strengthens Taiwan’s role in securing critical industries like automotive, healthcare, and smart devices, addressing growing cybersecurity risks in embedded systems.
RedDelta Targets Taiwan in Espionage Campaign
From July 2023 to December 2024, the Chinese state-backed group RedDelta targeted Taiwan in an espionage campaign using malware known as PlugX. The group sent phishing emails with documents related to Taiwan’s 2024 presidential election to trick recipients into opening infected files. This operation highlights China’s ongoing efforts to spy on Taiwan’s government and key individuals, using advanced methods to hide their activities and gather sensitive information.
US Navy Wargames Reveal Taiwan’s Cyber Vulnerabilities
Findings from a US Naval War College wargame were released earlier this month, underscoring key vulnerabilities in Taiwan’s infrastructure during a simulated Chinese invasion scenario. Conducted at DEF CON, the exercise exposed risks in submarine cables, power grids, and reliance on Chinese technology. Recommendations included expanding satellite networks, decentralizing communications, and training civilian cyber defense teams to strengthen Taiwan’s resilience against cyber-physical threats.