China is using cyber attribution to pressure Taiwan
Public attribution of cyber activities is China’s latest technique for pressuring Taiwan and shaping the international dialogue around cybersecurity. While this isn’t the first time the Chinese government has publicly attributed cyber activity targeting it (that was aimed at the United States in 2022 ), in September 2024, the Chinese government launched a campaign of publicly identifying cyber operations attributed to Taiwan’s government.
So far, this campaign has included the release of three sets of information on Taiwanese cyberattacks. All three attributed intrusion activity to Taiwan’s cyber command, the Information, Communications, and Electronic Force Command (ICEFCOM), and each included typical Chinese government rhetoric criticising ‘secessionist’ elements in Taiwan. These releases are notable for the increasing number of individuals identified in each (three, four, and then twenty) and for their illustration of the tight relationship between the Chinese government and private cybersecurity companies based in China
This campaign likely serves multiple goals, including pressuring Taiwan, counterbalancing international allegations of Chinese hacking, and even painting Taiwan as an aggressor to justify future Chinese operations. These releases threaten individuals working for Taiwan’s military with arrest and attempt to persuade others not to support actions against the mainland. The latter two of these releases went further, explicitly tying ICEFCOM to Taiwan’s ruling Democratic Progressive Party (DPP), which China views as a barrier to reunification.
