Overview
- The National Security Bureau logged 960,620,609 intrusion attempts in 2025, a 6% rise from 2024 and an average of 2.63 million attempts per day across critical sectors.
- Energy infrastructure faced the sharpest escalation with a tenfold increase in targeting, including probes of industrial control systems and malware planted during software upgrades.
- Emergency rescue and hospital networks saw intrusion attempts jump 54%, with at least 20 ransomware cases and stolen medical data advertised on dark web forums.
- Officials identified vulnerability exploitation, DDoS, social engineering and supply-chain compromises as primary tactics, with vulnerabilities leveraged in over half of observed operations.
- Taiwan named BlackTech, Flax Typhoon, Mustang Panda, APT41 and UNC3886 as leading actors, reported spikes during Dec. 29–Jan. 2 PLA drills with millions of daily intrusions, and said it is coordinating with more than 30 countries on intelligence sharing and joint investigations.