Taiwanese experts reveal Chinese Communist Party’s spy tactics and propose countermeasures.

Recently, Associate Professor Lin Yingyou from Tamkang University in Taiwan discussed and analyzed the topic of “Recent Use and Techniques of Chinese Communist Network Spies” at a seminar held at the National Taiwan Ocean University in Taipei. He pointed out the hacker methods affiliated with the Chinese Communist Party and proposed enhancements to Taiwan’s cybersecurity strategy.

According to Lin Yingyou, the “2025 Annual Threat Assessment of the U.S. Intelligence Community” released by the U.S. Office of the Director of National Intelligence shows that the Chinese Communist Party poses a significant threat to the U.S. government, private companies, and critical infrastructure. Ahead of regional conflicts, the Chinese Communist Party conducts pre-positioning cyber espionage against critical infrastructure, aiming to influence high-level decision-making in the U.S. government, cause societal panic in other countries, and even inhibit U.S. military operations.

Lin Yingyou mentioned that the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) of the United States have acknowledged that the Chinese Communist Party has developed the capability to control the critical infrastructure of target countries, enabling hacker organizations to destroy hardware and software equipment crucial to a country’s lifeline at specific times.

Regarding collaboration with hackers, Lin Yingyou stated that besides direct financial support, the People’s Liberation Army (PLA) also provides privileged benefits to hackers willing to cooperate. When engaging in gray-area online activities, these hackers may be granted legal immunity, motivating them to work more closely with the government.

Lin Yingyou explained that the Chinese Communist Party has always valued changes in online public opinion and conducted specialized research in this area. The PLA proposed the concept of “brainwashing rights” in 2014, believing that controlling media and propaganda would be a crucial battlefield in the future and a key area of competition. Information technology will play a vital role in gaining an advantage in this new battlefield, where future cyber warfare will not only involve intelligence gathering and system vulnerability exploitation but also integrate new information technology into the realm of public opinion warfare, advancing online warfare to a new stage.

Regarding technology, Lin Yingyou pointed out that the current main form of operation for Chinese Communist hackers is Advanced Persistent Threat (APT) attacks. These attacks primarily involve launching zero-day attacks using emails carrying malicious programs, or manipulating file names (reversing part of the name and its extension syntax) so that a malicious executable appears to be a regularly encountered attachment (malicious programs often masquerade as Word, PDF, Excel, or RTF files).
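The reversed-filename trick described above is commonly implemented with the Unicode right-to-left override character (U+202E), which makes a mail client render the tail of a name backwards. The following is an added example (not from the seminar or any referenced tool) that flags attachment names using that override or a document-then-executable double extension; the extension lists and sample names are constructed for illustration.

```python
"""Attachment filename triage for the masquerading tricks described above.
Added example: detects Unicode bidirectional overrides that reverse the
displayed name, and document-looking double extensions such as agenda.docx.scr."""

# Bidi control characters that can make the rendered name differ from the real one.
BIDI_CONTROLS = "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069"
RTLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
# Illustrative lists (assumption): extend to match the environment being defended.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "lnk", "msi"}
DOCUMENT_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "rtf", "ppt", "pptx", "txt"}


def displayed_name(name: str) -> str:
    """Approximate how a naive viewer renders the name: everything after the
    first U+202E is drawn right-to-left (reversed); control chars are invisible."""
    head, sep, tail = name.partition(RTLO)
    head = "".join(c for c in head if c not in BIDI_CONTROLS)
    tail = "".join(c for c in tail if c not in BIDI_CONTROLS)
    return head + tail[::-1] if sep else head


def inspect_attachment(name: str) -> dict:
    """Return the real extension, the rendered name, and a list of findings."""
    findings = []
    clean = "".join(c for c in name if c not in BIDI_CONTROLS)
    if clean != name:
        findings.append("bidi_control")  # hidden directionality override present
    parts = clean.lower().split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""  # what the OS will actually execute
    shown = displayed_name(name)
    shown_ext = shown.lower().rsplit(".", 1)[-1] if "." in shown else ""
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS and real_ext in EXECUTABLE_EXTS:
        findings.append("double_extension")  # e.g. agenda.docx.scr
    if real_ext in EXECUTABLE_EXTS and shown_ext in DOCUMENT_EXTS:
        findings.append("executable_disguised_as_document")
    return {"real_ext": real_ext, "displayed": shown, "findings": findings}


def triage(names):
    """Return only the names that produced at least one finding."""
    return [n for n in names if inspect_attachment(n)["findings"]]


# Constructed sample attachment names for a quick demonstration.
SAMPLE_ATTACHMENTS = ["report.pdf", "invoice\u202efdp.exe", "agenda.docx.scr"]

if __name__ == "__main__":
    for n in SAMPLE_ATTACHMENTS:
        print(repr(n), inspect_attachment(n))
```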

Lin Yingyou mentioned that Chinese Communist hackers aim to lower victims’ guard by disguising malicious programs as common files, hoping that victims will directly download and run these files. The goal is to infiltrate the target system and achieve their objectives. An essential feature of APT attacks is that attackers tailor attack emails to the specific characteristics of the target, exploiting details unique to the target.

He also highlighted how Chinese Communist hackers aim to deceive victims by disguising the attack emails as being from familiar contacts or related topics of interest to the target, thus increasing the likelihood of recipients opening the attachments. While they may not always gain authority to directly send emails on behalf of the forged entity, they can confuse targets by presenting email addresses similar to official ones through formal applications to gain trust.

Lin Yingyou emphasized that the significant feature of APT attacks is the transition from phishing emails to spear-phishing attacks. Hackers meticulously target individuals, gathering detailed information on their preferences, habits, relationships, and system usage to craft tailored attack emails and file patterns. This precision targeting is the key characteristic of spear-phishing attacks.

Additionally, Lin Yingyou stated that APT attacks will be planned based on the target’s recent schedule, such as choosing specific times when targets are abroad or likely to attend upcoming meetings, and then issuing invitations in an attempt to deceive targets into divulging passwords and personal information.

He provided an example where a legislator in Taiwan received a forged invitation from a government training organization before being elected. The invitation requested the legislator to write analytical articles and deliver a speech at a training center. The legislator willingly agreed and provided personal information for financial reimbursement purposes. On the scheduled meeting day, upon arrival at the venue, there was no meeting being held. Subsequently, investigation revealed that the training unit never issued the invitation notice, yet the content of the email displayed by the victim contained genuine unit and contact person information.

Lin Yingyou noted that incidents like these frequently occur among scholars, where organizations send invitations under the guise of research projects or conferences. Without additional verification by phone or other means of communication, targets are often deceived by individuals with ulterior motives.

Lin Yingyou pointed out that the Chinese Communist Party’s extensive cyber espionage operations have had a profound impact on various governments and private companies, and that Taiwan’s existing cybersecurity cooperative system has proven insufficient in addressing the related information security incidents. He urged a change in organizational culture so that the Chinese Communist Party, which draws on the resources of the National Security Bureau, the PLA, provincial-level security bureaus, local party organizations, and the State Council under a unified “Thousand Sands Theory” intelligence strategy, cannot successfully launch cyberattacks against Taiwan.

He recommended advancing actions in the National Cybersecurity Strategy 2025 – “Cybersecurity is National Security,” asserting that the government must ensure the digital resilience of critical infrastructure in areas such as energy, communication, transportation, finance, and healthcare, in addition to wartime resilience. He also stressed the importance of implementing non-red supply chains for critical industries, cautioning against using electronic components manufactured in China, which could introduce backdoor programs into systems and pose information security risks.

Lin Yingyou mentioned that, due to cross-strait political factors, the Communist Party’s cyber army frequently uses Taiwan as a testing ground for hacking attacks and uses zombie networks (botnets) as relay stations for strikes on external targets. However, this has allowed Taiwan’s cybersecurity industry to accumulate a large number of analysis samples, and that information advantage has contributed to advances in its technology.

In future warfare, Lin Yingyou emphasized that cybersecurity is an absolute key to victory, with the impact of digital capabilities on the battlefield comparable to traditional defense industries. Developing the cybersecurity industry with a defense industry mindset, focusing on talent, technology, and hardware/software integration, will strengthen national security and the economy, representing a direction for Taiwan’s development.

Lin Yingyou stated that today’s cybersecurity challenges have transcended purely technical aspects, as the impact and destruction caused by cyber army attacks have surpassed the threat posed by black hat hackers. This shift highlights the need to elevate cybersecurity issues to the level of national strategy. Past academic research on information security has often focused on cryptography and theory, leading to a disconnect from practical applications. Meanwhile, research conducted by cybersecurity companies tends to prioritize operational aspects, overlooking comprehensive considerations.

He stressed that future research in the field of cyber warfare should incorporate a national strategic perspective, intertwining intelligence thinking with defense industry viewpoints to approach cybersecurity issues through an interdisciplinary integration angle.