The Democratic Progressive Party (DPP) authorities on the Taiwan island have been found to have organized cyberattacks targeting a tech company in Guangzhou, South China's Guangdong Province, according to a release from the Guangzhou Municipal Public Security Bureau's Tianhe District Branch on Tuesday.
On May 20, the police released a report saying the tech company had been targeted by overseas hackers in cyberattacks. Public security authorities promptly launched an investigation, extracted samples of the relevant attack programs, thoroughly secured related evidence, and organized a team of technical experts to conduct a comprehensive technical trace.
Global Times reporters have learned from the Guangzhou Municipal Public Security Bureau's Tianhe District Branch that the public security authorities are taking the matter seriously and that preliminary investigations have found that the attacks on the company were carried out by a hacker group backed by the DPP authorities.
The police have found that, in recent years, the hacker group has frequently used publicly accessible internet asset scanning platforms to target more than 1,000 key network systems in over 10 provinces and regions on the mainland, including those related to defense, energy, hydropower, transportation, and government. They have conducted large-scale reconnaissance of cyber assets, gathering basic system information and technical intelligence. Through multiple rounds of cyberattacks, they have employed low-level tactics such as mass phishing emails, exploitation of publicly known vulnerabilities, brute-force password attacks, and homemade simple Trojans.
Especially since 2024, the scale and frequency of this hacker group's attacks against targets within the mainland have significantly increased, with clear intentions of disruption and sabotage, reflecting extremely malicious intent, according to the police.
Technical experts said the group's overall technical capability is relatively low, and its attack methods are crude and unsophisticated, targeting a wide range of victims. Their activities have been repeatedly detected by the mainland's cybersecurity defense systems. The self-developed Trojan programs used by the group are poorly coded, leaving behind multiple traces that can be used for reverse tracking. This has created favorable conditions for law enforcement to uncover the criminal facts, identify the suspects, and locate their internet access points.
Technical analysis indicates that although the group frequently utilized VPN proxies, overseas cloud servers, and botnets to launch cyberattacks through numerous IP addresses in countries such as the US, France, South Korea, Japan, the Netherlands, Israel, and Poland - an attempt to obscure the true origin of their attacks - cyber investigation and analysis have successfully uncovered the full process of their cybercrimes and revealed their true intentions.
The Guangzhou Municipal Public Security Bureau's Tianhe District Branch said it has reported the situation to relevant national departments. Investigations into the case will continue, and relevant criminal groups and their masterminds will be brought to justice in accordance with the law.
Stern warning
According to a release sent to the Global Times by the cybersecurity firm 360 Group on Tuesday, Zhou Hongyi, the founder of the company, said the company quickly identified the attack as originating from an APT - advanced persistent threat - group based in China's Taiwan Province, using cybersecurity big data in conjunction with its cybersecurity AI system. So far, 360 has independently discovered and named five APT groups from China's Taiwan Province.
Zhou said that in terms of attack capabilities, APT groups from China's Taiwan region are generally low-level, ranking in the third tier. Their attack techniques are crude, malware programming is poor, and they leave behind multiple traces that can be used for reverse tracking.
Several media outlets on the Taiwan island reported the release from the Tianhe District Branch of the Guangzhou Municipal Public Security Bureau, with one noting that the mainland has frequently disclosed cyberattacks originating from the island.
For example, in March, the Ministry of State Security (MSS) released a statement revealing details about four members of the "Information, Communications and Electronic Force Command" linked to "Taiwan independence" forces, and warned that the internet is not beyond the reach of the law.
The release of the investigation further demonstrated the mainland's firm determination and capability to crack down on malicious cyberattacks, with some activities specifically aimed at splitting the country and undermining the mainland's stability, Zheng Jian, deputy director of the Research and Study Committee in the China Council for the Promotion of Peaceful National Reunification, and chair professor at the Taiwan Research Institute of Xiamen University, told the Global Times.
Zheng said cyberspace has now become one of the main battlegrounds in the fight against "Taiwan independence," involving two levels - the competition at the cognitive level, and the offense and defense at the technical level.
In recent years, separatist forces advocating "Taiwan independence" have deliberately exploited the internet to distort the narrative surrounding the Taiwan question and disrupt the mainland's normal economic and social order. Their actions constitute serious legal violations and amount to criminal behavior, said Zheng.
In response, state authorities have implemented a series of countermeasures and continued to release related information. The public disclosure of this case further underscores the mainland's clear understanding of the activities of the DPP authorities and their affiliated cyber forces, including their tactics, channels, and key personnel involved, said the expert.
The information released to the public so far is likely only a portion of what the mainland has actually uncovered. In reality, the mainland's understanding of the relevant forces is more extensive than what has been disclosed. The exposure of these activities not only serves as a legal deterrent to the individuals already named, but also exerts psychological pressure on those who have yet to be publicly identified, Zheng said.
The disclosure of one case after another sends a stern warning to these forces on the island. Cyberspace has a memory - every crime leaves behind digital evidence that can be brought to light, said Zheng.
"The fact that certain individuals have not yet been named does not mean their actions are unknown to the mainland. And for those engaged in separatist activities, they must not delude themselves into thinking they can act with impunity behind a screen. Once identified, prosecution and sentencing will follow - and justice will be served," said Zheng.