News Roundup: May 2025
Strategic perspective on the threats, trends, and policies shaping Taiwan’s cybersecurity landscape
Phase Seven of Taiwan’s National Cybersecurity Program Announced
In response to escalating cyber threats and the growing complexity of conflict in the region, Taiwan has launched the Seventh Phase of its National Cybersecurity Development Program (2025–2028), backed by NT$8.8 billion (US$270 million) in funding. This phase reflects a strategic shift toward more proactive, structured defenses aimed at safeguarding critical infrastructure and reinforcing democratic resilience. It includes four core pillars:
Pillar 1: Aims to build a whole-of-society defense posture by expanding public awareness, improving institutional readiness, and strengthening national response mechanisms.
Pillar 2: Focuses on hardening critical infrastructure through joint defense mechanisms, sector-specific standards, and expanded testing and detection systems.
Pillar 3: Prioritizes scaling Taiwan’s cybersecurity industry by aligning domestic certification systems with international benchmarks and increasing the global competitiveness of Taiwanese vendors.
Pillar 4: Introduces artificial intelligence (AI) as a core component of national cybersecurity operations, applying it to behavioral analytics, threat modeling, and automated detection across agencies.
Policy Recommendation: To operationalize this strategic shift, the United States should institutionalize collaborative mechanisms with Taiwan focused on AI-enabled cyber defense, vendor qualification, and cross-sector simulations. Joint investments in security-by-design research and shared certification protocols would reinforce resilience while deterring coercive digital threats. The Ministry of Digital Affairs (MODA)’s expanded transparency and standardization efforts present a timely opportunity to deepen practical alignment.
Look out for Eryk Waligora’s detailed analysis of this Seventh Phase in an upcoming volume of the Global Taiwan Institute’s Global Taiwan Brief!
Taiwan’s Cyber Governance Model as a Democratic Counterweight
A recent Digital Rights Asia-Pacific (DRAPAC) series essay highlights Taiwan’s cybersecurity governance as a democratic alternative to China’s techno-authoritarian model. The piece underscores Taiwan’s focus on participatory governance, transparency, and civil society engagement, in contrast to Beijing’s surveillance-driven approach exported across the region. Taiwan’s public-private cybersecurity architecture, combined with open-source transparency initiatives, is framed as an emerging model for smaller democracies resisting digital repression. This strategic positioning is especially important as Indo-Pacific nations weigh economic engagement with China against long-term digital sovereignty.
Policy Recommendation: Taiwan should codify and promote its cybersecurity governance model as a blueprint for regional digital democracy. This could include publishing an annual white paper detailing its cybersecurity governance best practices and launching an ASEAN-facing initiative under MODA’s international cooperation arm to share tools, legal frameworks, and civic tech innovations.
Call for Papers: Inaugural 3D-Sec Workshop
Set for October 2025, the inaugural Deepfake, Deception, and Disinformation Security Workshop (3D-Sec) is expected to convene global researchers, industry leaders, and policymakers to confront the growing national security risks posed by synthetic media and coordinated digital deception. Taiwan’s presence on the organizing committee signals its increasing leadership in shaping defensive strategies against adversarial AI, algorithmic misinformation, and deepfake-driven influence campaigns. As foreign actors continue targeting Taiwan with disinformation operations, the workshop offers a timely platform for developing both detection technologies and cross-border response coordination.
Policy Recommendation: Taiwan’s Ministry of Digital Affairs (MODA) should use the 3D-Sec forum to propose a national synthetic media verification strategy that incorporates AI provenance tools, watermarking standards, and digital signature protocols. The strategy should be piloted in partnership with Taiwan’s Central Election Commission and major local media outlets to prepare defenses for upcoming national elections.
Meta Removes Coordinated Inauthentic Behavior Targeting Taiwan
Meta’s May takedown removed 232 Facebook accounts, 27 Pages, and 14 Instagram profiles tied to a PRC information-operation that posed as Taiwanese citizens and veterans while pushing narratives of US unreliability and DPP corruption. Although engagement was low (fewer than 3,000 followers), Meta’s release shows operators scheduling posts to spike during Taiwan’s nightly news cycle, mirroring tactics seen in 2024 county elections. The operation’s overlap with clusters targeting Azerbaijan and Romania suggests a modular infrastructure using shared linguistic templates.
Policy Recommendation: Taiwan’s National Communications Commission should require domestic political advertisers to archive ad-targeting parameters in a public registry within 24 hours, giving OSINT researchers faster baselines to identify foreign clusters that mimic local demographic targeting.
Czech Republic Cyberattack and Taiwan’s Diplomatic Echoes
Prague attributed January’s spear-phishing campaign against Czech ministries to PRC group APT31, noting 17 compromised mailboxes and exfiltration of EU-China policy drafts. Taipei’s foreign ministry publicly backed Prague, framing the incident as part of a broader PRC strategy that logged a 67% surge in APT31 scans against Taiwanese foreign-service domains during the same period. Coordinated statements from Taiwan and the Czech government mark deepening cyber-diplomacy even as Prague weighs upgrading its Taipei representative office.
Policy Recommendation: Formalize a Czech-Taiwan cyber threat intelligence exchange under the existing Taiwan-EU Industrial Cooperation Framework, focusing on APT31 TTP correlation and joint tabletop exercises that stress-test diplomatic crisis-comms channels.
Cyfirma Report: Escalatory Cyber Options in a Taiwan Strait Crisis
Cyfirma’s scenario report models PRC cyber strategy under a hypothetical 2028 US leadership transition, projecting that Beijing could activate pre-positioned malware in 70% of Taiwan’s smart-grid substations to trigger rolling blackouts lasting up to 96 hours. The analysis also quantifies that PLA unit 61398 would need only 140 operators to disrupt 40 undersea cable landing stations simultaneously, indicating manpower is not Beijing’s constraint.
Policy Recommendation: Accelerate the Ministry of Economic Affairs’ microgrid pilot program, aiming for 20% of critical facilities to have island-mode capability by 2027, and direct NICS to conduct red-team validation of cable-landing-station segmentation this fiscal year.
MirrorFace Campaign Uses ROAMINGMOUSE in Taiwan and Japan
ESET telemetry confirmed the MirrorFace APT resurfaced with upgraded ANEL backdoors and ROAMINGMOUSE loaders, compromising at least three Taiwanese semiconductor suppliers via malicious recruiter emails. Lateral movement relied on SMB brute-forcing, and exfiltrated data included unreleased wafer-fabrication recipes, raising IP-theft stakes beyond the group’s historical disinformation role. Payload compilation timestamps point to operators in UTC+9, supporting intelligence that MirrorFace operates out of PRC’s Liaoning theater but masks activity in Japanese time zones.
Policy Recommendation: Launch a semiconductor shielding program that subsidizes hardware-rooted credential isolation for fabs and enforces privileged-access time-boxing; require foundry suppliers to attest to implementation before bidding on government-funded chip research.
Drone Supply-Chain Intrusions: Earth Ammit and CNC Exploitation
SecurityWeek and Trend Micro detail coordinated supply-chain attacks in the drone industry. Earth Ammit exploited Taichung-based PCB vendor update servers, while another PRC group inserted malware into German CNC controller firmware shipped to Taiwanese UAV integrators. Combined, the campaigns touched 34 Taiwanese firms and resulted in the theft of encrypted telemetry code that could reveal flight-control algorithms. The incidents highlight the UAV sector’s reliance on foreign-sourced CNC firmware with opaque security provenance.
Policy Recommendation: A drone supply-chain task force should be established and mandate secure-boot requirements for imported CNC firmware and co-fund an open-hardware reference controller produced by ITRI to reduce single-vendor dependency.
Illicit Streaming Devices Pose Underrated Cyber Threat in Taiwan
Originally published in October 2024, research on the cybersecurity risks of illicit streaming devices (ISDs) was reintroduced at a recent industry workshop hosted in Taipei by the Taiwan Society of Convergence and the Asia Video Industry Association’s Coalition Against Piracy (CAP). The study found that 13.1% of Taiwan’s population uses ISDs, significantly higher than the Asia-Pacific average, with many devices preloaded with malware and vulnerable to command-and-control exploitation. These devices bypass standard content delivery protections and operate outside regulated cyber hygiene standards, introducing potential backdoors into domestic networks and critical infrastructure environments. Despite Taiwan’s advanced threat monitoring capacity, the consumer tech layer remains a soft target often overlooked in national defense strategies.
Policy Recommendation: Taiwan’s Administration for Cyber Security should initiate a cross-ministerial audit of ISD prevalence and associated risks, leading to a new classification of ISDs under national cybersecurity regulations. Coordinating with consumer protection agencies and telecom providers, Taiwan could also require ISD importers and vendors to comply with minimum cybersecurity standards or face restrictions.
Girls in Cybersecurity Contest Accelerates Talent Pipeline
The National Science and Technology Council’s 2025 “Girls in Cybersecurity” finals drew 72 teams from 38 high schools, a 44% participation jump over 2024. Winning projects included an AI-powered phishing detector achieving 92% precision and a ransomware honeypot that logged 3,400 unique payloads in two weeks, data now feeding NSTC’s threat-intel lakehouse. Survey data show 63% of participants intend to pursue cybersecurity degrees, up from 48% last year, indicating program efficacy in retaining female talent.
Policy Recommendation: Provide automatic internship placements at NICS or private MSSPs for the top 20 finalists each year and integrate their proof-of-concept tools into the national cyber-range curriculum, ensuring early exposure to production-grade environments and reinforcing retention.
CyberSec Taiwan
About CyberSec Taiwan
Your source for the latest news and analysis on Taiwan-centric cybersecurity.