China Weaponizes Cyber Attribution in Escalating Tech Conflict with Taiwan
In a stark escalation of cyber geopolitics, China has pivoted from decades of denying hacking allegations to actively weaponizing public attribution against Taiwan. Since September 2024, China's Ministry of State Security (MSS) has launched a coordinated campaign, releasing detailed accusations of cyber operations by Taiwan's Information, Communications, and Electronic Force Command (ICEFCOM). This marks a strategic shift: where China once dismissed international indictments, it now employs the same 'name-and-shame' tactics to paint Taiwan as an aggressor, threatening individuals and implicating Taiwan's ruling party. The campaign, amplified by private cybersecurity firms, not only intensifies cross-strait tensions but also signals a dangerous new norm where technical evidence becomes a tool for political coercion.
The Attribution Campaign: From Anonymity to Escalation
The MSS kicked off this effort on September 22, 2024, with a WeChat post alleging that the hacktivist group 'Anonymous 64' was a front for ICEFCOM. It named three individuals, accusing them of defacing Chinese websites—like a rail conference—and displaying anti-Communist Party imagery in Hong Kong. As one analyst noted, 'This was China's opening salvo in turning attribution into intimidation, filing criminal cases while offering scant proof.' The campaign ramped up in March 2025 with a second MSS release profiling ICEFCOM as an espionage unit and identifying four more personnel, complete with ID numbers. Crucially, this coincided with technical blogs from Chinese firms: Antiy detailed a fall 2024 campaign, QiAnXin exposed credential-theft operations (dubbing the group APT-Q-20), and DAS-Security shared indicators of compromise. The timing wasn't coincidental—it showcased a seamless alliance between state intelligence and private tech expertise.
Private Sector Complicity: Cybersecurity Firms as Geopolitical Pawns
The involvement of companies like Antiy, QiAnXin, and Qihoo 360 raises alarming questions about industry ethics. These firms provided the veneer of technical credibility to MSS claims, releasing tactics, techniques, and procedures (TTPs) that lent weight to accusations of Taiwanese aggression. For instance, QiAnXin's report outlined spear-phishing campaigns targeting Chinese entities, while Antiy reused its 2018 tracking of 'Green Spot' to bolster state narratives. This collaboration isn't just opportunistic; it reflects a calculated choice to prioritize Chinese Communist Party favor over global market trust. As one expert observed, 'These companies are burning bridges with international clients—why would a U.S. firm partner with Qihoo 360 when it echoes MSS propaganda?' The fallout is clear: private sector technical prowess is being harnessed not for defense, but for diplomatic warfare, eroding the neutrality essential for cross-border cybersecurity cooperation.
Geopolitical Goals and Future Implications
Behind the technical details lie multifaceted objectives. China aims to counter Western accusations—like U.S. indictments of Chinese hacking—by framing Taiwan as an equal threat. The releases increasingly tie operations to Taiwan's Democratic Progressive Party (DPP), labeling it a 'troublemaker' to undermine its legitimacy and bolster opposition groups. By May 2025, local police in Guangzhou escalated to a 'reward notice' naming 20 individuals, signaling a decentralized approach that could flood the infosphere with state-backed attributions. Contrast this with China's attributions of U.S. hacks, handled neutrally via CNCERT/CC without partisan finger-pointing. For developers and security professionals, this is a wake-up call: attribution data, once a cornerstone of threat intelligence, is now a geopolitical weapon. It risks chilling information sharing, complicating incident response, and exposing tech workers to state retaliation. As these tactics proliferate, the cybersecurity community must advocate for transparent, apolitical standards—or face a fragmented internet where code and conflict are inseparable.