- China offers bounties for hackers it links to Taiwan and the US.
- Taiwan denies it, blaming China for shifting focus.
Chinese authorities are accusing Taiwan of backing a wave of cyberattacks targeting government agencies, infrastructure, and private firms in China. In response, the public security bureau in Guangzhou has issued bounties for over 20 people allegedly involved, including one named individual, Ning Enwei. The size of the rewards was not disclosed.
According to China’s state-run Xinhua news agency, the suspects are linked to Taiwan’s government and part of what Beijing calls an “information, communication and digital army.” Officials say this group has been working with US intelligence agencies to spread disinformation, stir unrest, and conduct espionage across the mainland, as well as in Hong Kong and Macau.
Taiwan has pushed back on these claims. A senior security official told Reuters the accusations were fabricated, calling them an attempt to distract from recent scrutiny in Europe over China’s own hacking activities. Taiwan’s National Security Bureau later said Beijing was using false narratives to confuse the public and cover up its cyber operations, which have included data theft and online propaganda aimed at Taiwan.
The latest accusations centre on a cyberattack on an unnamed Chinese tech firm, which Beijing claims was part of a broader campaign affecting more than 1,000 networks across at least 10 provinces. The targets reportedly included military systems, energy infrastructure, transport, and government departments. Authorities described the campaign as sabotage and said attackers used phishing emails, simple malware, and brute-force attacks.
Chinese officials say the group behind the attacks used homegrown malware that left traces investigators could follow. The hackers allegedly masked their origins by routing traffic through foreign cloud services, VPNs, and hijacked devices. While China did not name the group or the targeted company, it said activity from this group has been increasing and remains under watch.
Taiwan’s response was direct. Officials accused Beijing of manipulating the story and pointed to China’s long history of cyberattacks against Taiwan. Reports from Taiwan suggest that most cyber incidents on the island are linked to Chinese actors.
China, meanwhile, has stepped up its own naming efforts. In March, it publicly accused four individuals tied to Taiwan’s military of launching cyberattacks and collecting sensitive information. While public attribution is common in the West, such moves by China are relatively new.
China’s hackers under fire abroad
While Beijing blames Taiwan, Chinese hackers are also facing pressure overseas. Earlier this year, US officials charged 12 Chinese nationals for their role in global cyber campaigns. The group includes freelance hackers, law enforcement officers, and employees of a private firm called I-Soon. They’re accused of targeting dissidents, journalists, US government agencies, and universities.
According to court documents, I-Soon operated as part of a broader hacking-for-hire market in China, offering services to the state while trying to stay at arm’s length from official agencies. The company is said to have billed Chinese authorities tens of thousands of dollars for access to compromised email inboxes and other stolen data.
One indictment outlines how I-Soon employees targeted critics of China living in the US, media outlets opposed to the Chinese Communist Party, and even the Defense Intelligence Agency. Some operations were reportedly directed by China’s Ministry of Public Security, while others were freelance efforts later pitched to the government.
I-Soon’s founder, Wu Haibo, was among those charged. He is known as a former member of China’s early hacktivist group, Green Army. Leaked documents from last year showed I-Soon had been active against governments in Taiwan, India, and Mongolia. The latest US indictments reveal its reach extended to American targets as well.
China’s Foreign Ministry has denied the charges, accusing the US of hypocrisy and pointing to US-linked cyber incidents in China.
Earlier break-in at US telecom firm
In a separate case, investigators discovered that Chinese hackers had infiltrated a US telecommunications company as far back as mid-2023. The attackers reportedly maintained access to internal systems for seven months before being detected. This breach, which hadn’t been previously disclosed in detail, adds to a growing list of concerns about long-term cyber intrusions linked to state-backed actors in China.
