726 Cybersecurity Incidents Reported by Taiwan Government Agencies in 2025; MODA Warns of 5 Major Threats
Taiwan's Administration for Cyber Security (ACS) reported 726 cybersecurity incidents in government agencies for 2025. Unauthorized access accounted for 68.6% of cases. The ACS identified five major threats, including counterfeit software and network vulnerabilities, urging agencies to strengthen management and backup protocols.
Published: May 24, 2026 at 10:23
Central News Agency (Taipei, 24th) - The Administration for Cyber Security (ACS) under the Ministry of Digital Affairs (MODA) announced that a total of 726 cybersecurity incidents were reported by government agencies in 2025. Unauthorized access was the most prevalent, accounting for 68.60% of the cases. The ACS warned agencies to verify and mitigate five major threats, including the installation of counterfeit instant messaging software and vulnerabilities or configuration risks in network edge devices.
In accordance with the Regulations on Cyber Security Incident Reporting and Response, agencies classify reported incidents into four levels, from 1 (least severe) to 4 (most severe), based on the impact on confidentiality, integrity, and availability.
The ACS stated that there were 726 reported incidents in 2025 (excluding live drills), a decrease of 29 from 2024. Level 1 incidents accounted for 87.33%, followed by Level 2 at 9.78% and Level 3 at 2.89%. No Level 4 incidents occurred.
By type, unauthorized access led at 68.60%, followed by equipment issues (15.43%), denial-of-service attacks (4.96%), web attacks (2.48%), and others.
Based on threat intelligence and 2025 case studies, the ACS analyzed common hacker techniques and proposed five major security recommendations. First, users often download counterfeit communication software from unofficial sites when replacing devices, leading to backdoor installations. Agencies should establish strict software installation and approval mechanisms.
Second, ransomware groups use custom drivers to evade detection. Agencies should perform regular vulnerability scans, deploy web application firewalls, and maintain endpoint protection.
Third, supply chain management gaps, such as maintenance vendors installing remote desktop software on web servers, have led to brute-force attacks. Agencies must enforce supplier security management, including access control and regular audits.
Fourth, network edge devices with vulnerabilities or configuration risks have led to malicious connections. The ACS recommends a whitelist strategy, blocking unnecessary ports, and ensuring firmware is updated.
Fifth, social engineering combined with cloud service abuse has led to data leaks. Agencies should implement email filtering, sandbox detection, and restrict cloud sharing permissions.
The ACS emphasized that agencies must maintain data backup and recovery capabilities and conduct Business Continuity Plan (BCP) drills. Furthermore, the MODA is promoting encrypted, distributed backup mechanisms across public clouds to enhance overall cyber resilience.
FAQ
Which agency oversees cybersecurity for Taiwan's government agencies?
The Administration for Cyber Security under the Ministry of Digital Affairs (MODA) is responsible for overseeing these matters.