Menu
Browse

Cyber Threat Actor: Taidoor

Actor Type Location Known Incidents
 Icon
Nation State
China
2 incidents
Profile

Taidoor is a threat actor tracked under that alias and is known to operate from China. Public reporting associates the group with the Blacktech cluster and describes its activity as part of a broader Chinese state‑sponsored effort. The actor has been referenced in multiple cybersecurity analyses as a distinct entity within the Chinese espionage landscape.

Observed targeting focuses on government institutions, particularly those located in Taiwan. The actor’s objectives are characterized as cyber espionage, seeking to gather sensitive information from official networks. This focus aligns with the geopolitical context of cross‑strait tensions that frequently motivates such operations.

A representative campaign occurred in early 2018 when Taidoor, working alongside Blackthreat, compromised more than six thousand email accounts across at least ten Taiwanese government agencies. The intrusion was first identified on January 1, 2018. The intrusion was described by Taiwanese officials as causing significant damage and prompting a public disclosure to limit further harm. The breach took place amid heightened geopolitical tensions, with Taiwan attributing persistent cyber incursions to China following recent leadership changes and disputes over sovereignty. Officials noted that the incident coincided with the election of a Taiwanese president who rejects China's territorial claims, framing the cyber activity as part of broader pressure tactics. Authorities publicized the intrusion to mitigate further harm, citing wider Chinese military posturing near the island as contextual background. The operation exemplified the actor’s use of email‑focused tactics to achieve intelligence‑gathering goals.

Attribution to China is repeatedly cited in open‑source reports, linking the actor’s infrastructure and tactics to Beijing‑based resources. Taidoor is also noted as an affiliate or collaborator of the Blacktech group, indicating a cooperative relationship within the Chinese cyber‑espionage ecosystem. These points constitute the publicly established facts about the actor’s origin and associations. Details of the campaign were documented in open‑source reporting from SecurityAffairs.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
0 sources