The National Security Bureau in Taiwan says that China's attacks on the country's energy sector increased tenfold in 2025 compared to the previous year.

A report from the agency highlights that attackers targeted critical infrastructure in nine key sectors, and the total number of cyber incidents linked to China grew by 6%.

The emergency rescue and hospitals sectors saw an increase in cyberattacks of 54%, while communications and transmissions recorded 6.7% more incidents.

Threat activity on industrial parks and food remained unchanged, administration agencies recorded a small decrease, while the finance and water resources sectors saw a significant reduction.

However, Taiwan's National Security Bureau (NSB) notes that the most significant activity was recorded in the energy sector, where the number of cyberattacks grew by 1,000% in 2025 compared to 2024.

Taiwan claims that many of these attacks were coordinated with military activity and were observed spikes during major political events, government announcements, and overseas visits by senior officials.

According to the report, four attack methods stood out, the most prevalent one leveraging hardware and software vulnerabilities. Other tactics observed included distributed denial-of-service (DDoS), social engineering attacks, and supply-chain incidents.

Regarding activity targeting the energy sector specifically, this involved targeting industrial control systems and monitoring for malware injection opportunities during planned software upgrades.

"China's cyber army intensively probes into the network equipment and industrial control systems of Taiwan's public-owned and private energy companies, including those in the petroleum, electricity, and natural gas sectors," reads NSB's report.

"In addition, when Taiwan's energy companies carry out software upgrades, Chinese hackers would take the opportunity to implant malware into their systems, so as to keep track of the operational planning of Taiwan's energy sector concerning operational mechanisms, material procurement, and establishment of backup systems."

The communications sector was targeted via adversary-in-the-middle (AitM) attacks and persistent access via network flaws. Government agencies were targeted in phishing and data theft attacks. The tech sector was targeted in supply-chain and social engineering attacks attempting theft of advanced chip and industrial technologies data.

The NSB attributed the cyber activity to Chinese hacker groups known as BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886.

The agency is cooperating with more than 30 countries that identify China as a major cyber threat and is involved in intelligence sharing and joint investigations on malicious infrastructure.