China proudly claims Taiwan runs APT gangs to attack Beijing, but fails every time

In a bizarrely boastful report, China’s National Computer Virus Emergency Response Center claims Taiwan has been targeting the country in cyberspace for years. Beijing says the offensive hasn’t been successful.

The report, titled “Operation Futile: Investigation report on Cyberattacks launched by ICEFCOM of Taiwan and its affiliated APT actors,” blames Taipei for partnering with the United States to target China in the cyber arena.

ICEFCOM is the acronym for Taiwan’s Information, Communications, and Electronic Force Command, created in 2017. According to the report, the organization was established with the help of the Americans, who were eager to promote Taiwan's independence.

The island of Taiwan is the subject of a geopolitical dispute between the Republic of China, which controls it, and the People's Republic of China, which claims it as part of its territory.

“Like an ant trying to shake a tree”

Taiwan’s pro-independence Democratic Progressive Party, currently the ruling political movement in the island, and ICEFCOM have been running five advanced persistent threat (APG groups, the Chinese report says (PDF).

Don’t miss our latest stories on Google News

Follow us

APT-C-64 (Anonymous 64), for example, allegedly tries to infiltrate websites, digital signage, and TV stations to display illegal content. Others use phishing to attack government and scientific targets, install malware, and exfiltrate data.

“The APT groups <...> have long been conducting cyber espionage against government and public service entities, research institutions, universities, defense technology and industry entities, and foreign affairs agencies on the Chinese mainland,” says the report.

“They cooperated with the US government and the US military to carry out cyber warfare, public opinion warfare, and cognitive warfare against the Chinese mainland for a long time, and acted as an agent of the ‘color revolution’ against the Chinese mainland.”

However, even though the threat is very real, the report hastens to add, all these efforts have been unsuccessful. That’s supposedly because the APT groups have only “low-level capabilities” and mainly exploit known vulnerabilities.

“Their anti-tracing capabilities are weak, particularly in crafting lure documents and phishing web pages, which often contain numerous flaws, indicating a lack of expertise among the relevant groups and individuals, making attribution relatively easy,” says the report.

“The clumsy and low-level performance of the DPP authorities and their affiliate hacker groups is as ridiculous as an ant trying to shake a tree.”

Smoke and mirrors around Volt Typhoon

Now’s the time to note that the report was co-authored by China’s National Computer Virus Emergency Response Center, National Engineering Laboratory for Computer Virus Prevention Technology, and software vendor 360 Digital Security Group.

This is the same group that claimed last year that the US intelligence agencies crafted the infamous Volt Typhoon campaign in a false flag operation “to win public support and pressure policymakers to allow the extension of invasive US surveillance powers.”

Volt Typhoon, also known as Insidious Taurus, Bronze Silhouette, Vanguard Panda, or Dev-0391, is considered a top-tier cyber espionage menace from China that targets critical infrastructure in the US and elsewhere.

In 2024, the group, defined by the US Federal Bureau of Investigation as “the defining threat of our generation,” was observed targeting telecoms by exploiting zero-day vulnerabilities in software used by many internet service providers.

Weirdly, though, The Wall Street Journal reported in April that China’s officials actually admitted in a secret meeting with American counterparts that Beijing was indeed behind the cyberattacks by the Volt Typhoon group.

“China wants US officials to know that, yes, they do have this capability, and they are willing to use it,” Dakota Cary, a China expert at SentinelOne, told the WSJ.