Published on: March 20, 2025
China’s Ministry of State Security (MSS) has accused a Taiwan-based cyber group of launching large-scale attacks against the Chinese mainland. In an article published Monday, the MSS revealed details about four individuals linked to Taiwan’s “Information, Communications and Electronic Force Command” (ICEFCOM), alleging they have been involved in espionage and cyber infiltration.
Chinese cybersecurity firm Qi-Anxin identified the “Poison Vine group” (APT-Q-20) as a key player in these attacks, claiming it has been targeting government, military, and scientific research institutions for years. The group allegedly uses phishing emails, fake websites, and watering hole attacks to steal sensitive information. Since 2018, it has reportedly been imitating social media platforms, government portals, and email systems to collect intelligence.
The report highlights two primary attack methods: phishing websites designed to steal credentials and phishing emails impersonating professionals from think tanks, military agencies, and civil service organizations. Qi-Anxin warns that over 30 percent of vulnerabilities exploited in these attacks stem from weak passwords on routers, cameras, and other networked devices, making them easy targets for brute-force attacks.
Despite describing Taiwan’s hacking tools as relatively unsophisticated, Qi-Anxin notes that the group has been continuously registering new domains and acquiring servers for over 15 years to sustain its operations. With geopolitical tensions escalating, experts warn that espionage-related cyberattacks from Taiwan-linked groups are expected to increase.
MSS officials urge individuals and businesses to strengthen cybersecurity measures, particularly by securing devices with complex passwords and staying vigilant against phishing attempts. China’s warning reinforces the growing concerns over cyber warfare in the region.