Chinese Cyberattacks Hit Taiwan Infrastructure 2.6 Million Times a Day in 2025


  • Taiwan’s National Security Bureau recorded an average of 2.63 million Chinese cyberattacks a day against key infrastructure in 2025, up 6% from 2024 and 113% from 2023. 
  • Reported targets included government systems, telecommunications networks, hospitals, energy, banks, emergency rescue, and science parks. Reported activity included distributed denial-of-service attacks, man-in-the-middle operations, and attempts to penetrate telecom networks.




Why Persistent Cyber Pressure Is a Growing Risk for Critical Infrastructure

High-volume cyber activity changes the security baseline for infrastructure operators. Continuous probing gives attackers repeated chances to exploit a known vulnerability, weak remote access control, or poorly governed third-party connection.

For telecom operators, utilities, transport providers, healthcare networks, defense contractors, and other regulated enterprises, that pressure carries direct operational consequences. Monitoring load rises. Incident response teams stay under strain. Small weaknesses become more consequential when they can be tested every day at scale.

The strategic dimension matters as well. During periods of political or military tension, the same activity can support intelligence collection, disruption planning, coercive signaling, or pre-positioning for later operations.


What Happened

Taiwan’s National Security Bureau recorded an average of 2.63 million Chinese cyberattacks per day against key infrastructure in 2025, according to Reuters. The figure marked a 6% increase from 2024.

The increase since 2023, the first year the bureau published these figures, reached 113%. Sectors with the largest year-on-year increases included energy, emergency rescue, and hospitals.

The activity affected nationally significant systems, including government networks, telecommunications infrastructure, and science parks. Reuters reported distributed denial-of-service attacks and man-in-the-middle operations aimed at stealing information and penetrating telecommunications networks.

Some operations coincided with Chinese military patrols and politically sensitive moments, including President Lai Ching-te’s first-year speech in office and Vice President Hsiao Bi-khim’s appearance at the European Parliament.


Technical Cause

The central security issue is persistent exposure of reachable infrastructure.

Campaigns at this volume do not depend on one vulnerability or one compromised product. They gain leverage from repeated access to visible systems, reachable management paths, telecom interconnections, and weakly segmented environments. When those pathways remain open, attackers can keep scanning, intercepting, disrupting, and attempting entry until they find a workable route.

| Exposure area | Why it matters |
|---|---|
| Internet-visible services | Gives attackers a starting point for repeated probing and disruption |
| Reachable management paths | Creates opportunities for credential theft and privileged access |
| Weak segmentation | Allows an initial foothold to spread into operationally important systems |
| Externally reachable telecom links | Increases the risk of interception, disruption, and lateral movement |

The reported mix of DDoS activity, man-in-the-middle attacks, and telecom penetration attempts points to a broad campaign against exposed infrastructure pathways rather than a single technical failure.


Governance and Risk Implications

1. Exposure management belongs at executive level.

Asset inventory alone is not enough. Security leaders need a current view of what is externally visible, what remains reachable, and which paths lead into critical environments.

2. Cyber resilience is part of operational resilience.

In infrastructure sectors, service continuity depends on reducing reachable attack paths before disruption occurs.

3. Third-party and interconnection risk need tighter control.

Vendors, maintainers, managed service providers, and network partners can widen access to critical systems when connections are broad, persistent, or weakly governed.

4. Geopolitical context changes impact assumptions.

When cyber operations align with military drills or political events, the risk extends beyond espionage. It can include signaling, coercion, and preparation for future disruption.


How to Prevent Critical Infrastructure Exposure Through Secure Architecture

Critical infrastructure becomes easier to target when key systems can be discovered and repeatedly tested from outside the environment.

The priority is to reduce discoverability and narrow reachability. Sensitive systems, management interfaces, and telecom-facing services should not be easy to enumerate from the public internet. Administrative access should be tightly scoped, strongly authenticated, and limited to specific sessions and routes. Partner access should be narrow, explicit, and revocable.
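One way to check a rule inventory against the four exposure areas listed under Technical Cause and the partner-access criterion above, as an added example that is not from the original article or from Entropya. The rule format, zone names, port set, and subnets are assumptions constructed for illustration.

```python
import ipaddress

MGMT_PORTS = {22, 23, 161, 3389}                   # assumed: SSH, Telnet, SNMP, RDP
ADMIN_NET = ipaddress.ip_network("10.250.0.0/28")  # assumed jump-host subnet
INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # assumed internal address space

# Constructed rule inventory (hypothetical export format, documentation-range addresses).
RULES = [
    {"name": "web-portal", "src": "0.0.0.0/0", "zone": "dmz", "port": 443, "partner": None, "expires": None},
    {"name": "ssh-anywhere", "src": "0.0.0.0/0", "zone": "core", "port": 22, "partner": None, "expires": None},
    {"name": "admin-rdp", "src": "10.250.0.0/28", "zone": "core", "port": 3389, "partner": None, "expires": None},
    {"name": "office-to-ot", "src": "10.0.0.0/8", "zone": "ot", "port": None, "partner": None, "expires": None},
    {"name": "vendor-vpn", "src": "198.51.100.0/24", "zone": "ot", "port": 22, "partner": "vendorA", "expires": None},
    {"name": "peer-link", "src": "203.0.113.8/32", "zone": "telecom", "port": 179, "partner": "carrierB", "expires": "2026-06-30"},
    {"name": "sig-interconnect", "src": "192.0.2.0/24", "zone": "telecom", "port": 2905, "partner": "carrierC", "expires": "2026-12-31"},
]

def audit(rules):
    """Return {rule name: [findings]}, one finding per exposure area the rule falls into."""
    findings = {}
    for r in rules:
        src = ipaddress.ip_network(r["src"])
        hits = []
        if src.prefixlen == 0:                       # open to the whole internet
            hits.append("internet-visible service")
        if r["port"] in MGMT_PORTS and not src.subnet_of(ADMIN_NET):
            hits.append("reachable management path")
        if r["zone"] == "ot" and r["port"] is None:  # any-port rule into the operational zone
            hits.append("weak segmentation")
        if r["zone"] == "telecom" and not src.subnet_of(INTERNAL) and src.prefixlen < 32:
            hits.append("externally reachable telecom link")
        if r["partner"] and r["expires"] is None:    # persistent, hard-to-revoke partner access
            hits.append("partner access without expiry")
        if hits:
            findings[r["name"]] = hits
    return findings

if __name__ == "__main__":
    for name, hits in audit(RULES).items():
        print(f"{name}: {', '.join(hits)}")
```

Rules that are scoped to the admin subnet (admin-rdp) or to a single peer with an expiry date (peer-link) produce no findings, which is the narrow, explicit, revocable shape the paragraph above asks for.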

For operators facing sustained scanning and intrusion attempts, reducing discoverability lowers exposure. Infrastructure that is harder to identify and enumerate gives attackers fewer opportunities to test services at scale. Entropya’s Digital Camouflage supports that goal by making critical infrastructure and all endpoints untraceable. It hides IP addresses, decouples source from destination, and stops attacks at the first stage: reconnaissance. This solution also protects all data in transit through a proprietary randomization algorithm that renders man-in-the-middle attacks ineffective.

In high-pressure environments, that helps limit the systems attackers can find, map, and repeatedly probe.



Review Your Infrastructure Exposure

Assess whether critical services, management paths, and telecom-facing systems are more discoverable than they should be. Contact Entropya to review how exposed your environment is to large-scale scanning and intrusion activity.
