Date: 2026-02-28

A cybersecurity expert monitors telecommunications traffic at a network operations center in Ashburn, Virginia, on July 15, 2014. Photo: Reuters

CYBERWARFARE CONTINGENCIES: Latent malware pre-sited in Taiwan’s electronic infrastructure could hammer services and agencies in the outbreak of a conflict

By Chen Yu-fu and Esme Yeh / Staff reporter, with staff writer

China might target Taiwan’s critical infrastructure by executing simultaneous cyberwarfare attacks with embedded malware in the case of a war, a report said.

The Presidential Office’s Whole-of-Society Defense Resilience Committee has convened multiple meetings since last year to work on defense resilience.

A committee report cited the Ministry of Digital Affairs as saying that hostile forces might have already planted Trojan or backdoor malware in critical infrastructure.

Given the risk of all-out attacks by such malware during wars, critical systems should be constantly scanned and tested to remove hidden malware, the ministry said.

If malware cannot be fully blocked during emergencies, network connections should be cut to terminate external connections, ensuring critical data is neither leaked nor manipulated, the report said.

Critical infrastructure in Taiwan ranges from energy, water resources, telecommunications and transportation to finance, emergency rescue and hospitals, science parks and major government agencies.

Enemies might prioritize energy infrastructure for attack if such facilities are all set up within Taiwan, the report said.

Authorities should work out agreements with allied nations for energy storage and transportation, strengthening energy resilience and diversifying risk in the face of an attack, it said.

A source with knowledge of the matter speaking on condition of anonymity said the government has initiated a program to protect critical infrastructure including energy, financial and telecommunications infrastructure against non-traditional security threats, such as drones.

Submarine cables are a vulnerability for the physical and digital infrastructure of Taiwan, as they can easily be cut by enemies to shut down connections to the outside world, isolating the nation, the report said.

The government should set up diverse backups for redundancy, it said.

While maximum transmission capacity is maintained by submarine cables in peacetime, satellites or microwave links could be alternative solutions to ensuring basic connectivity if the cables are cut, it added.

Cyberattackers could launch a single-strike blackout that would lead to major damage, the report said.

Authorities are advised to examine critical infrastructure and its core functions to decide which facilities should be prioritized for maintenance and operation based on how much their dysfunction would affect society, it said.

Authorities should localize operations of data centers to ensure that domestic infrastructure can operate normally even if international connections are disrupted, the report said.

A National Security Bureau report said there are five main hacker groups commissioned by the Chinese Communist Party government to attack Taiwan’s critical infrastructure, including BlackTech (黑科技), Flax Typhoon (亞麻颱風), Mustang Panda (野馬熊貓), APT41 and UNC3886.

Industrial control systems in the energy sector were infiltrated and disrupted by latent malware, it said.

Chinese cyberattackers probed the network devices and industrial control systems of public and private energy businesses in Taiwan, including the petroleum, electricity and natural gas industries, the report said.

They attempted to install malware in systems of energy operators during software updates to spy on the operating mechanisms, resource planning and backup deployments of Taiwan’s energy sector, it said.

Chinese cyberattackers aimed for loopholes in telecom networking systems of the telecommunications sector, and attempted to infiltrate computer systems of telecoms and their contractors, the report said.

Their goal was to steal communications data and user information, and to infiltrate sensitive and backup communication links using man-in-the-middle attacks, it said, adding that such activities must be blocked, as they would affect Taiwan’s internal and external network security.

News source: TAIPEI TIMES

