Taiwan Cyber Incidents in 2025: Fake Messaging Apps, Custom Ransomware, Supply Chain Vulnerabilities

Written by: Lore Apostol, Cybersecurity Writer

Key Takeaways
  • Incident Volume: Taiwan documented over 700 governmental cybersecurity incidents throughout the 2025 fiscal period.
  • Threat Vectors: Unauthorized access remains the primary driver, accounting for almost 70% of reported cases.
  • Emerging Vulnerabilities: Counterfeit software, ransomware attacks, and supply chain exploits are the top three operational risks.

Taiwan's Ministry of Digital Affairs (MODA) documented 726 cybersecurity incidents affecting government agencies in 2025, 68.60% of which involved unauthorized access. Data published by CNA and UDN indicates a marginal decrease in incident volume, with 29 fewer cases than in 2024.

The Administration for Cyber Security outlined specific attack vectors threatening the public sector: fake apps, ransomware attacks, supply chain weaknesses, vulnerable edge devices, and social engineering attacks combined with cloud service abuse.

Identified Cyber Risks and Vulnerabilities

In response to these findings, Taiwan's Cyber Security Administration (CSA) has identified five critical risk domains requiring immediate mitigation to ensure the integrity of national infrastructure.

A primary risk is users unknowingly downloading counterfeit messaging software from unofficial domains, which facilitates backdoor installation and unauthorized lateral movement.

Ransomware actors have deployed increasingly sophisticated tactics, utilizing custom software drivers designed to infiltrate environments and bypass standard endpoint detection and response (EDR) protocols.

Furthermore, supply chain vulnerabilities introduced significant exposure. Officials highlighted an instance in which a maintenance contractor deployed remote desktop software on a public agency server and gained access via brute-force attacks.

Severity Classification and Incident Metrics

Within the established cybersecurity framework, the preponderance of threats was classified as low-severity. Level 1 incidents constituted 87.33% of the total volume. Level 2 incidents represented 9.78%, while Level 3 incidents comprised 2.89%. There were zero reported Level 4 incidents, the highest severity classification in the reporting hierarchy.

Unauthorized access remained the leading threat vector, accounting for 68.6% of all cases. Hardware and equipment failures accounted for 15.43%, denial-of-service (DoS) attacks for 4.96%, and website attacks for 2.48%.

The CSA points out that agencies should:

In October 2025, Taiwan reported a surge in Chinese cyberattacks, accusing China of deploying an “online troll army.” The country appeared in several news headlines last year, including Chinese APT24 cyberespionage delivering BADAUDIO malware, phishing campaigns distributing HoldingHands malware, and UAT-5918 targeting critical infrastructure with Mimikatz.

