Cyber security Photo: IC
The Democratic Progressive Party (DPP) authorities on the Taiwan island have been found to have organized cyberattacks targeting a tech company in Guangzhou, South China’s Guangdong Province, according to a release from the Guangzhou Municipal Public Security Bureau’s Tianhe District Branch on Tuesday.
On May 20, the police branch released a report stating that the tech company had been targeted by overseas hackers in cyberattacks. Public security authorities promptly launched an investigation, extracted samples of the relevant attack programs, thoroughly secured related evidence, and organized a team of technical experts to conduct a comprehensive technical trace.
The Global Times reporters have learned from the Guangzhou Municipal Public Security Bureau’s Tianhe District Branch that the public security authorities have attached great importance to the cyberattacks and preliminary investigations have found that the attacks on the company were carried out by a hacker group backed by the DPP authorities.
The police have found that, in recent years, the hacker group has frequently used publicly accessible internet asset scanning platforms to target more than 1,000 key network systems in over 10 provinces and regions on the mainland, including those related to defense, energy, hydropower, transportation, and government. They have conducted large-scale reconnaissance of cyber assets, gathering basic system information and technical intelligence. Through multiple rounds of cyberattacks, they employed low-level tactics such as mass phishing emails, exploitation of publicly known vulnerabilities, brute-force password attacks, and homemade simple Trojans.
Especially since 2024, the scale and frequency of this hacker group’s attacks against targets within the mainland have significantly increased, with clear intentions of disruption and sabotage, reflecting extremely malicious intent, according to the police.
According to technical experts, the group’s overall technical capability is relatively low, and its attack methods are crude and unsophisticated, targeting a wide range of victims. Their activities have been repeatedly detected by the mainland’s cybersecurity defense systems. The self-developed Trojan programs used by the group are poorly coded, leaving behind multiple traces that can be used for reverse tracking. This has created favorable conditions for law enforcement to uncover the criminal facts, identify the suspects, and locate their internet access points.
Technical analysis indicates that although the group frequently utilized VPN proxies, overseas cloud servers, and botnets to launch cyberattacks through numerous IP addresses in countries such as the US, France, South Korea, Japan, the Netherlands, Israel, and Poland — an attempt to obscure the true origin of their attacks — cyber investigation and analysis have successfully uncovered the full process of their cybercrimes and revealed their true intentions.
The Guangzhou Municipal Public Security Bureau’s Tianhe District Branch said that it has reported the situation to relevant national departments. Investigations into the case will continue, and relevant criminal groups and their masterminds will be brought to justice in accordance with the law.
The release of the investigation further demonstrated the mainland’s firm determination and capability to crack down on cyber activities aimed at splitting the country, Zheng Jian, deputy director of the Research and Study Committee in the China Council for the Promotion of Peaceful National Reunification, and chair professor at the Taiwan Research Institute of Xiamen University, told the Global Times.
Zheng said that cyberspace has now become one of the main battlegrounds in the fight against “Taiwan independence,” involving two levels — the competition at the cognitive level, and the offense and defense at the technical level.
In recent years, separatist forces advocating “Taiwan independence” have deliberately exploited the internet to distort the narrative surrounding the Taiwan question and disrupt the mainland’s normal economic and social order. Their actions constitute serious legal violations and amount to criminal behavior, said Zheng.
In response, relevant state authorities have implemented a series of countermeasures and continue to release related information. The public disclosure of this case further underscores the mainland’s clear understanding of the activities of the DPP authorities and their affiliated cyber forces, including their tactics, channels, and key personnel involved, said the expert.
The information released to the public so far is likely only a portion of what the mainland has actually uncovered. In reality, the mainland’s understanding of the relevant forces is more extensive than what has been disclosed. The exposure of these activities not only serves as a legal deterrent to the individuals already named, but also exerts psychological pressure on those who have yet to be publicly identified, Zheng said.
The disclosure of one case after another sends a strong warning to “Taiwan independence” forces. Cyberspace has a memory — every crime leaves behind digital evidence that can be brought to light, said Zheng.
“The fact that certain individuals have not yet been named does not mean their actions are unknown to the mainland. Those engaged in separatist activities must not delude themselves into thinking they can act with impunity behind a screen. When the time comes, you will be next. Once identified, prosecution and sentencing will follow — and justice will be served,” said Zheng.
