Taiwan’s largest telecom company, Chunghwa Telecom, fell victim to a sophisticated cyber-attack, resulting in the theft of sensitive data, including military and government documents. The Ministry of National Defense in Taiwan confirmed the gravity of the breach, indicating that the stolen information was subsequently sold on the dark web, raising concerns about the integrity of national security.
The leaked data, estimated at 1.7 terabytes, reportedly includes documents from the armed forces, foreign affairs ministry, coast guard, and other government units. While the Taiwanese Ministry of National Defense downplays the severity, claiming some leaked content was not classified, the incident raises significant concerns about national security and the potential exploitation of sensitive information by malicious actors.
Chunghwa Telecom, the victim of this cyberattack, is Taiwan’s largest telecommunications provider, offering fixed-line, mobile, and broadband services to millions of customers. As a critical national infrastructure provider, a successful attack on Chunghwa Telecom can have far-reaching consequences, potentially disrupting communication networks and impacting various sectors of the economy. This incident underscores the need for heightened security measures not only within the company itself but also across the entire telecommunications sector in Taiwan to ensure the resilience of its critical infrastructure.
Beijing claims Taiwan as essentially Chinese territory, refusing to rule out taking the island by military force. As such, the Chinese government engages in constant “gray zone” provocations, stopping just short of open warfare. Cyber intrusions have become a preferred tactic, allowing China to gather intelligence and project power while maintaining deniability.
Taiwan has suffered other major cyberattacks linked to China over the past few years. In 2020, Taiwanese government agencies, including the foreign ministry, reported large-scale infiltration of their computer systems. The attackers were believed to have used custom malware to steal emails and documents. That same year, Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker, had its systems infected by WANNACRY ransomware, forcing factories to shut down for days. Though the source was unclear, some cybersecurity experts suspected Chinese origins given TSMC’s strategic value. Going back further, Taiwan faced attacks using the WINDSHIFT malware against national defense contractors starting in 2014. The series of intrusions gathered sensitive information including credentials and weapon designs. Evidence tied WINDSHIFT back to a Chinese state-sponsored APT group, showcasing the advanced capabilities marshalled against Taiwan over an extensive period.
