Chinese threat actor campaigns against Taiwanese critical infrastructure in 2025
Campaign
Summary
Chinese cyber threat actors intensified campaigns against Taiwanese critical infrastructure in 2025, putting energy, healthcare, communications, administration, and technology sectors under sustained pressure. The activity involved BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886, with operators using vulnerability exploitation, DDoS, social engineering, and supply-chain attacks. The pattern mattered because the operations were tied to PLA patrols and major Taiwanese political events, with activity peaking in May 2025. The recurring timing and mixed tactics point to a coordinated campaign rather than isolated probes.
Related Happenings
Mustang Panda Asia-Pacific and Japan CDN impersonation espionage campaign
Campaign
First: 14.05.2026 18:00
Last: 14.05.2026 18:00
Sources 1
About this happening:
A **Mustang Panda** espionage campaign used **CDN impersonation** and **DLL sideloading** to target **Asia-Pacific and Japan** networks, extending from **late September 2025 throu...
China-nexus threat-Flax Typhoon-Volt Typhoon alliance reshapes ransomware ecosystem operations
Threat Actor Meta
First: 23.04.2026 23:52
Last: 23.04.2026 23:52
Sources 1
About this happening:
**China-nexus** threat actors are industrializing covert botnet infrastructure, expanding **deniable reconnaissance**, **malware delivery**, and **data exfiltration** against **US...
China-nexus hijacked-device proxy network campaign
Campaign
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
China-nexus hackers are **increasingly using** large-scale proxy networks of hijacked consumer devices to **evade detection**, making malicious traffic harder to trace and block....
Mustang Panda spear-phishing campaign targeting Indian banks and US-Korea policy circles
Campaign
First: 21.04.2026 15:00
Last: 21.04.2026 15:00
Sources 1
About this happening:
**Mustang Panda** launched a newly identified **spear-phishing campaign** that is aimed largely at **financial organizations in India** and also reaches **US-Korea public policy c...
Handala post-ceasefire retaliatory cyberattack campaign targeting the U.S. and Israel
Campaign
First: 09.04.2026 04:22
Last: 09.04.2026 04:22
Sources 1
About this happening:
**Handala** and other **pro-Iranian hackers** are keeping a retaliatory **cyber campaign** active after the **ceasefire announcement**, leaving **U.S. and Israeli targets** at ong...
Timeline
- 07.01.2026 16:00 · 2 articles · 4mo ago
NSB discloses 2025 Chinese campaign against Taiwan
Initial Disclosure: Taiwan's National Security Bureau published a January 4 report describing Chinese cyber threat actors' 2025 campaigns against Taiwanese critical infrastructure, including 960,620,609 intrusion attempts, a tenfold increase against the energy sector, a 54% rise against emergency rescue entities and hospitals, and tactics such as vulnerability exploitation, DDoS, social engineering, supply chain attacks, ransomware, and malware implantation.
- China intensifies Cyber-Attacks on Taiwan as Energy Sector Sees Tenfold Spike — www.infosecurity-magazine.com — 07.01.2026 16:00