A country is under attack. No, not that one.
Cyberattacks targeting Taiwan’s government more than doubled in 2024 to an average of 2.4 million incidents a day, according to a new report from the island’s National Security Bureau, which said most of the activity could be traced to Chinese cyber forces.
The findings offer rare detail on the scale, targets, and techniques of attacks that Taiwan views as part of Beijing’s broader pressure campaign against the self-ruled island.
The surge, as reported by Reuters today (Jan. 5), underscores how cyberspace has become a central arena in cross-strait tensions, complementing military maneuvers, diplomatic isolation, and economic pressure as China seeks to assert its sovereignty claim over Taiwan.
Rising scale of cyber pressure
According to the report, Taiwan’s Government Service Network (GSN), which links central and local government agencies, the 2024 numbers compare with about 1.2 million daily attacks recorded in 2023, indicating a year-on-year doubling in volume.
The bureau said the increase reflects not only greater intensity but also a widening range of targets. Telecommunications, transportation, and defence-related systems were among the most frequently attacked sectors, highlighting a focus on areas critical to government operations and daily life.
Although Taiwan’s cybersecurity defences were able to detect and block many of the intrusions, the report warned that the sheer volume and persistence of attacks point to a more challenging threat environment.
Grey-zone tactics beyond the battlefield
Taiwanese officials have long argued that cyberattacks form part of China’s “grey-zone harassment” strategy – actions that fall short of open warfare but are designed to wear down Taiwan’s defences, sap public confidence, and complicate decision-making.
In recent years, Taipei has complained about a steady drumbeat of pressure from Beijing, ranging from near-daily Chinese military aircraft and naval patrols around the island to balloons and other activities in Taiwan’s vicinity. Cyber operations, the government says, fit into this pattern by allowing China to apply pressure without crossing clear red lines that might trigger a military response.
The National Security Bureau said some cyberattacks were deliberately timed to coincide with Chinese military exercises around Taiwan. These included distributed denial-of-service (DDoS) attacks aimed at overwhelming websites of transportation and financial institutions, potentially disrupting access to services during periods of heightened tension.
The report said the intent was to “intensify the harassment effect and military intimidation,” reinforcing the psychological impact of large-scale drills.
Link to military exercises
Beijing staged two major rounds of exercises around Taiwan last year, one in May and another in October, known as Joint Sword – 2024A and Joint Sword – 2024B. The drills involved air and naval forces operating around the island and were widely seen as warnings to Taipei against moves toward formal independence and as responses to political developments in Taiwan.
By synchronising cyberattacks with these exercises, the report suggested, China sought to amplify their overall impact. Disruptions to digital services during such periods could complicate government responses, strain emergency systems, or heighten public anxiety, even if the attacks do not cause lasting damage.
Targeting information and infrastructure
Beyond DDoS attacks, the bureau said Chinese cyber forces also targeted the email accounts of Taiwanese civil servants and used social engineering tactics to trick individuals into revealing sensitive information. Such efforts aim to steal confidential data that could be useful for intelligence gathering or future operations.
More sophisticated techniques were also identified. The report said attackers employed advanced persistent threats and backdoor software in attempts to infiltrate and compromise key infrastructure, including highways and ports. These systems are vital not only for civilian life but also for military logistics and crisis response.
“Such efforts attempt to disrupt Taiwan’s government operations, as well as gain advantages in the fields of politics, military, technology, and economy,” the report said, outlining how cyber espionage and sabotage could support broader strategic goals.
China’s response and wider context
China’s Taiwan Affairs Office did not respond to a request for comment on the report. Beijing routinely denies involvement in hacking activities, even as it is frequently accused by foreign governments of conducting cyber espionage.
The United States, for example, said last week that Chinese hackers had stolen documents from the U.S. Treasury Department, adding to a growing list of allegations against China over cyber intrusions targeting government agencies, companies, and critical infrastructure worldwide.
For Taiwan, the report’s findings reinforce concerns that cyber threats will continue to grow as cross-strait relations remain strained. While the island has invested heavily in cybersecurity and resilience, officials warn that defending against millions of daily attacks requires constant adaptation and international cooperation.
As tensions with Beijing persist, cyberspace is likely to remain a key front in what Taiwan sees as a multifront campaign to pressure, intimidate and ultimately absorb the island without resorting to outright war.
Even space agencies can’t escape gravity… especially when a hacker claims they’ve walked off with hundreds of gigabytes of internal data.
