In the contemporary world, war is no longer fought solely with armies, missiles, or naval fleets. In the digital era, control of information, the stability of technological systems, and the resilience of critical infrastructure have become central elements of national security. In this new scenario, Taiwan finds itself on the front line of a silent but constant confrontation. During the year 2025, the island was subjected to an average of more than 2.6 million daily cyberattacks directed at its critical infrastructure, an unprecedented figure that reveals the magnitude of the challenge it faces.
These cyberattacks, largely attributed to actors linked to mainland China, are not isolated events or fortuitous incidents. They constitute a systematic, prolonged, and highly sophisticated campaign that forms part of a broader strategy of political, military, and psychological pressure. The objective is not only to obtain information or cause temporary disruptions, but to erode trust in institutions, weaken the state’s response capacity, and prepare the ground for larger crisis scenarios.
This ITD Consulting article analyzes the geopolitical context of these cyberattacks, their recent evolution, the most affected sectors, the techniques employed, their possible consequences for Taiwanese society, and the meaning they acquire within the framework of so-called hybrid warfare. Beyond the specific case of Taiwan, the phenomenon offers a clear warning about how conflicts are being redefined in the 21st century.
Taiwan and China: A Rivalry That Goes Beyond the Military
The relationship between Taiwan and the People’s Republic of China is one of the most delicate in the international system, and it is currently deeply marked by cyberattacks, by the constant threat of cyberattacks, and by the strategic use of cyberattacks as a tool of pressure. Since the end of the Chinese civil war in 1949, both territories have followed divergent political paths, but in the 21st century this divergence is increasingly manifested through cyberattacks, cyberattack campaigns, and persistent cyberattack operations.
While mainland China consolidated itself as a socialist state under the control of the Communist Party, Taiwan evolved into a pluralist democracy that today is a recurring target of cyberattacks, attempted cyberattacks, and threats linked to cyberattacks.
For Beijing, Taiwan remains a renegade province that must be reincorporated into the national territory, even by force if necessary, and cyberattacks have become a key instrument within that strategy. For most Taiwanese people, the island is an autonomous political entity, but that autonomy is challenged daily by cyberattacks, waves of cyberattacks, and continuous cyberattack campaigns directed against its institutions.
This fundamental contradiction has given rise to decades of diplomatic tensions, military threats, and deterrence maneuvers in the Taiwan Strait, to which cyberattacks, more cyberattacks, and constant pressure based on cyberattacks are now added.
In recent years, however, the conflict has acquired new dimensions dominated by cyberattacks. Alongside demonstrations of military force—such as naval exercises, air incursions, and missile deployments—there has been intense activity in cyberspace characterized by cyberattacks, spikes in cyberattacks, and massive cyberattack campaigns. Technology has become a new battlefield where cyberattacks make it possible to carry out covert, deniable, and constant actions, making cyberattacks a central element of the conflict without formally crossing the threshold of open war.
A Digital Avalanche: The Magnitude of Cyberattacks in 2025
The figures recorded during 2025 are especially revealing due to the magnitude of the cyberattacks. According to official data compiled by Taiwanese security authorities, the average number of daily cyberattacks originating from China exceeded 2.63 million cyberattacks, confirming an unprecedented escalation of cyberattacks compared to previous years.
These cyberattacks represent a significant increase in cyberattacks compared to prior periods, since compared to 2024 cyberattacks grew by approximately 6%, while in relation to 2023 the increase in cyberattacks exceeded 100%, consolidating cyberattacks as a structural and permanent phenomenon.
This growth in cyberattacks not only reflects a greater technical capacity to carry out cyberattacks on the part of the attackers, but also a deliberate intensification of digital pressure through coordinated cyberattacks. Cyberattacks occurred constantly throughout the year, with especially pronounced spikes in cyberattacks during politically sensitive moments, such as elections, presidential speeches, foreign diplomatic visits, or military exercises in the region—moments in which cyberattacks multiplied notably.
Far from being simple automated attempts, many of these cyberattacks showed clear signs of strategic planning. These cyberattacks were directed at specific targets, employed advanced tools designed for complex cyberattacks, and in some cases the cyberattacks sought to maintain persistent access to compromised systems, demonstrating that the cyberattacks were not episodic, but part of sustained long-term cyberattack campaigns.
Critical Infrastructure in the Crosshairs
One of the most worrying aspects of this digital offensive based on cyberattacks is the nature of the cyberattack targets. Cyberattacks did not focus solely on government websites or secondary administrative systems; instead, cyberattacks were systematically directed through continuous cyberattacks at what is known as critical infrastructure—that is, those sectors whose functioning is essential for daily life, the economy, and national security—sectors that have become priority targets of cyberattacks, cyberattack campaigns, and constant waves of cyberattacks.
Among the sectors most affected by cyberattacks, and which have suffered repeated cyberattacks, are:
- The energy system, including electrical grids and fuel supply networks, subjected to cyberattacks, multiple cyberattacks, and spikes in cyberattacks
- Hospitals and health services, exposed to constant cyberattacks and severe cyberattacks
- Telecommunications and data transmission networks, a permanent target of cyberattacks
- Central and local government agencies, attacked through coordinated cyberattacks
- Financial institutions and payment systems, vulnerable to strategic cyberattacks
- Science parks, research centers, and industrial zones, affected by persistent cyberattacks
- Water management systems and food resources, subjected to critical cyberattacks
The energy sector was one of the hardest hit by cyberattacks, with an increase in cyberattacks that multiplied by ten compared to the previous year. This cyberattack trend is especially alarming, since the interruption of electrical power caused by cyberattacks can generate cascading effects derived from cyberattacks across all other sectors, from transportation to emergency services, amplifying the impact of cyberattacks.
The health sector was not spared from cyberattacks either. Cyberattacks against hospitals and medical systems increased significantly, raising the risk of interruptions in critical treatments caused by cyberattacks, delays in emergency care associated with cyberattacks, and exposure of sensitive patient data as a direct consequence of cyberattacks.
Cyberattack Techniques and Methods
The diversity of techniques employed in the cyberattacks demonstrates a high level of sophistication and resources devoted to cyberattacks. These cyberattacks, carried out through multiple cyberattack methods, show advanced planning aimed at perfecting cyberattacks and expanding the impact of cyberattacks. Among the most commonly used cyberattack methods in these cyberattack campaigns are the following cyberattacks:
1. Distributed Denial-of-Service (DDoS) Attacks
These denial-of-service cyberattacks seek to saturate target servers through cyberattacks based on large volumes of traffic generated by cyberattacks, preventing legitimate access to services as a direct result of cyberattacks. Although these cyberattacks do not always cause permanent damage, DDoS cyberattacks are highly effective at disrupting operations at key moments, amplifying the impact of cyberattacks, and generating a sense of chaos derived from cyberattacks.
2. Interception of Communications
In this type of cyberattack, through intermediary techniques characteristic of cyberattacks, attackers can intercept, modify, or redirect communications between users and systems via cyberattacks, facilitating through cyberattacks the theft of credentials, the acquisition of confidential information, and the capture of strategic data, all as a direct consequence of persistent cyberattacks.
3. Exploitation of Vulnerabilities
The use of known—and in some cases unknown—flaws is a central part of cyberattacks. These vulnerabilities in software, hardware, and connected devices allow cyberattacks to infiltrate critical systems through cyberattacks designed for that purpose. Such vulnerabilities are often exploited by cyberattacks in an automated and large-scale manner, multiplying the effectiveness and reach of cyberattacks.
4. Social Engineering
Beyond purely technical cyberattacks, cyberattacks also include deception campaigns that are an integral part of cyberattacks. Through social engineering-based cyberattacks, employees and officials are deceived through cyberattacks using fake emails, fraudulent calls, or identity impersonation, with the objective of obtaining legitimate access that then facilitates new cyberattacks.
5. Supply Chain Attacks
In some cases, cyberattacks were carried out through infiltrations via external suppliers or partner companies, turning these accesses into vectors for additional cyberattacks. These supply chain cyberattacks allow cyberattacks to use third-party networks as a gateway to launch attacks against larger, more complex, and protected infrastructures, thus expanding the strategic impact of cyberattacks.
Coordination with Military and Political Activities
One of the most significant findings of the Taiwanese analysis is the clear correlation between cyberattacks and Chinese military activities in the region, a correlation marked by cyberattacks, increases in cyberattacks, and constant spikes in cyberattacks. During 2025, the People’s Liberation Army conducted dozens of patrols and combat readiness exercises near Taiwan, episodes that were accompanied by cyberattacks, waves of cyberattacks, and notable increases in cyberattacks.
In more than half of these military episodes, simultaneous increases in malicious cyber activity were detected, activity defined primarily by cyberattacks, intensification of cyberattacks, and coordinated cyberattack campaigns.
This synchronization between military maneuvers and cyberattacks suggests an integrated strategy based on cyberattacks, in which cyberattacks function as a direct complement to demonstrations of military force. In this strategy, cyberattacks are not only used to gather information through cyberattacks but also to wear down response capacity through cyberattacks, create distractions through cyberattacks, and exert sustained psychological pressure on Taiwanese authorities and the population through constant cyberattacks.
Cyberattack spikes also coincided with key political events, reinforcing the idea that cyberattacks, more cyberattacks, and continuous cyberattack campaigns make cyberspace a central tool of influence, political coercion, and strategic pressure based on cyberattacks.
Social, Economic, and Psychological Impact
The potential consequences of this digital offensive based on cyberattacks go far beyond the immediate technical damage caused by cyberattacks. Cyberattacks not only cause technical failures, but also lead to the interruption of essential services as a direct result of continuous cyberattacks. This disruption caused by cyberattacks can directly affect the lives of millions of people, whether through power outages caused by cyberattacks, hospital failures derived from cyberattacks, or collapses in transportation systems caused by cyberattacks.
On the economic level, cyberattacks generate digital instability, and this instability caused by cyberattacks can discourage investment due to cyberattacks, affect industrial production as a consequence of cyberattacks, and generate significant costs associated with cyberattacks, including repair expenses after cyberattacks, reinforcement of systems against future cyberattacks, and loss of productivity directly attributable to repeated cyberattacks.
There is also a psychological and social impact derived from cyberattacks. The perception of constant vulnerability to cyberattacks, the permanent threat of cyberattacks, and continuous exposure to cyberattacks can erode citizens’ trust in institutions due to cyberattacks and generate collective anxiety fueled by persistent cyberattacks. In a context of geopolitical tension, this type of pressure exerted through cyberattacks, more cyberattacks, and prolonged cyberattack campaigns can become a factor of internal destabilization directly driven by cyberattacks.
China’s Official Stance
Despite repeated accusations based on cyberattacks, Chinese authorities have systematically denied direct involvement in these cyberattacks, rejecting any responsibility for the cyberattacks attributed to actors linked to China. From Beijing, it is maintained that China is also a victim of cyberattacks, a frequent target of cyberattacks, and affected by cyberattack campaigns, and that the complaints related to cyberattacks are part of a discourse-based cyberattack strategy to discredit the country internationally through accusations of cyberattacks.
Nevertheless, numerous cybersecurity experts have identified, based on the analysis of cyberattacks, patterns of cyberattacks, tools used in cyberattacks, and methodologies employed in cyberattacks that coincide with groups previously associated with Chinese state interests. Although attribution of cyberattacks in cyberspace is complex by nature due to the way cyberattacks are executed, the accumulation of evidence derived from multiple cyberattacks, cyberattack investigations, and technical studies of cyberattacks reinforces the perception of an organized, coordinated, and sustained long-term cyberattack campaign.
Taiwan’s Response
In light of this scenario, Taiwan has significantly intensified its cybersecurity efforts. Measures adopted include the strengthening of security protocols, modernization of digital infrastructures, and training of specialized personnel.
Additionally, the island has expanded its international cooperation, participating in joint cybersecurity exercises and sharing information with strategic allies. The development of AI-based tools for early threat detection has become a priority, as has raising awareness among the private sector and the public.
The case of Taiwan clearly illustrates how modern conflicts are shifting toward less visible but no less dangerous domains, domains dominated by cyberattacks, waves of cyberattacks, and the constant threat of cyberattacks. The more than 2.6 million daily cyberattacks recorded in 2025 are not mere statistics: they represent a persistent cyber offensive, an escalation of cyberattacks, and a continuous flow of cyberattacks directed against the stability, security, and autonomy of an entire society.
In this new scenario, national defense no longer depends exclusively on tanks or airplanes, but on firewalls capable of stopping cyberattacks, detection systems designed to identify cyberattacks, and the digital resilience of institutions against cyberattacks. Taiwan has become an involuntary laboratory of the war of the future, a laboratory marked by cyberattacks, strategic cyberattacks, and the blurry line between peace and conflict, measured by the constant flow of cyberattacks.
Taiwan’s experience offers a clear lesson for the rest of the world: cybersecurity, preparation against cyberattacks, and the capacity to withstand cyberattacks are not secondary technical matters, but fundamental pillars of sovereignty, democracy, and stability in the 21st century, where cyberattacks are the invisible protagonists of modern confrontations.
If you want to protect your organization against cyberattacks and strengthen your digital resilience, the experts at ITD Consulting can help. For more information about our cybersecurity services, cyberattack prevention, and technology consulting, write to [email protected] and discover how we can shield your infrastructure against digital threats.
EN 
ES