Cyber Incident Victim: Taipei
Date: Jan 2018
Location: Taiwan
Summary
Chinese hackers compromised approximately 6,000 email accounts across at least 10 government agencies in Taiwan as part of an ongoing cyber espionage campaign linked to Beijing. The breach, attributed to threat actors Blacktech and Taidoor, targeted government entities and information service providers, with officials confirming significant damage while continuing impact assessments. The incident reflects heightened cyber operations coinciding with geopolitical tensions, particularly following Taiwan's election of a president who rejects China's territorial claims. Authorities publicized the intrusion to mitigate further harm amid broader pressure tactics from China, including military posturing near the island.
Description
In August 2020, Taiwanese authorities disclosed a cyber espionage campaign targeting government email accounts, which they attributed to Chinese state-linked threat actors. According to the Cyber Security Investigation Office of Taiwan’s Investigation Bureau, approximately 6,000 email accounts across at least 10 government agencies were compromised. Deputy Director Liu Chia-zung confirmed the breach and stated investigators were still assessing the full extent of the damage, though preliminary findings indicated the impact was “not small.” The intrusion was part of a sustained cyber campaign dating back to 2018, with activity attributed to hacking groups Blacktech and Taidoor, both known for targeting Taiwanese government entities and information service providers. Officials linked the attacks to broader geopolitical tensions, noting an escalation in cyber operations following the 2016 election of President Tsai Ing-wen, whose administration rejects Beijing’s “one China” sovereignty claim over Taiwan. The government publicly disclosed the incident to raise awareness and prevent further compromise, though specific technical details about the attack vectors or data exfiltrated were not released.

Taiwan’s investigation remained ongoing at the time of reporting, with no confirmed timeline for remediation or additional mitigation measures beyond public notification. The breach occurred amid heightened diplomatic and military pressure from China, including increased military drills near Taiwan. Historical context provided by officials indicated persistent cyber intrusions since 2016, aligning with President Tsai’s pro-independence stance. While the exact nature of the compromised data was unspecified, the scale—impacting thousands of accounts across multiple agencies—suggested significant operational security implications. No direct response from Chinese authorities regarding the allegations was documented in the disclosure.
