A newly exposed cyber campaign is threatening the backbone of Taiwan’s critical infrastructure — and the fingerprints left behind point directly toward Chinese state-backed hacking groups, including the infamous Volt Typhoon.
Researchers at Cisco Talos have uncovered a sustained and deeply strategic attack campaign, active since at least 2023, designed to infiltrate and establish persistent access to key infrastructure sectors across Taiwan. The attackers are reportedly part of a group dubbed UAT-5918, and their methods bear a chilling resemblance to Chinese-sponsored cyber-espionage outfits such as Volt Typhoon, Flax Typhoon, and others like Famous Sparrow and Earth Estries.
According to the report, UAT-5918 has specifically targeted telecommunications, healthcare, information technology, and other critical sectors that form the pillars of Taiwan’s national stability. This is not a smash-and-grab operation; it is a long-game infiltration effort whose goals are long-term access, data theft, and potential disruption.
The entry point? Classic negligence — unpatched web and application servers exposed to the public internet. Once inside, the attackers move laterally using open-source tools, stealing credentials, creating administrative-level accounts, and positioning themselves for deeper access and potential sabotage.
Cisco Talos warns that many of the tools used for credential harvesting and data exfiltration match those employed by Volt Typhoon and Flax Typhoon. This strongly suggests shared resources, infrastructure, or even personnel across these Chinese hacking groups. These findings come at a time when geopolitical tensions in the region are hitting critical mass.
A Broader Threat Network
The links between UAT-5918 and other groups under the Chinese umbrella are not coincidental. In January, the U.S. government sanctioned a Chinese cybersecurity firm allegedly involved in providing Flax Typhoon with operational infrastructure. The move signaled a more aggressive approach by U.S. authorities to combat these threats at the source.
Meanwhile, Volt Typhoon — already infamous in Washington — is under increasing scrutiny for its apparent focus on U.S. critical infrastructure, which many fear could be laying the groundwork for future acts of cyberwarfare or sabotage. The House Homeland Security Committee has voiced serious concerns and is pushing for heightened oversight and response protocols.
Flax Typhoon, first brought into the public eye by Microsoft researchers, has been active since 2021 and has maintained a consistent focus on Taiwanese government, education, critical manufacturing, and IT organizations. Its reach, however, is global — with victims detected in Southeast Asia, North America, and Africa.
IoT Devices as Attack Vectors
In a stark warning, FBI Director Christopher Wray highlighted Flax Typhoon’s exploitation of everyday IoT hardware — including security cameras, video recorders, and storage devices — as a means of gaining footholds in both large and small networks. According to Wray, around 50% of the infected devices in the botnet were located inside the United States, revealing just how vulnerable everyday tech infrastructure has become.
With court authorization, the FBI has since launched a successful takedown of parts of the Flax Typhoon botnet, removing malware from infected devices and seizing control of their internet infrastructure. Still, the warning is clear: These operations are far from over.
Operation FishMedley: Another Front in the Cyber War
In a separate but equally concerning development, ESET researchers released findings on “Operation FishMedley,” an earlier Chinese campaign from 2022 linked to a cybersecurity firm known as i-Soon, based in Chengdu, China. ESET refers to i-Soon’s operational arm as “FishMonger.”
This campaign wasn’t limited to Taiwan. It reached Hungary, Turkey, Thailand, France, and the United States, targeting both government and private-sector entities. The overlap in tactics with other Chinese state-sponsored groups further indicates a coordinated, multi-pronged cyber assault infrastructure.
The timing of the ESET report is no accident: it corresponds with a U.S. indictment revealing details of i-Soon’s ties to the Chinese government and its role in espionage activities.
Rising Tensions: Digital and Physical
Taiwan continues to face escalations not only in the cyber realm but also militarily, with China conducting air and sea drills around the island this week. This follows the U.S. State Department’s recent removal of language supporting the “One China” principle — a move that triggered a fiery rebuke from Beijing, which accused Washington of sending “wrong signals to Taiwan separatist forces.”
In a retaliatory narrative, China’s Ministry of State Security accused four individuals allegedly tied to Taiwan’s military of engaging in cyberespionage against mainland targets — another move in the intensifying information and propaganda war.
Bottom Line: The campaign against Taiwan is bigger than a single hacking group. This is part of a larger coordinated cyber offensive, one that seeks not only to steal data but to erode trust, destabilize infrastructure, and insert control mechanisms deep within national systems. The real war may not come in tanks and missiles — it’s already here, in the form of keyloggers, botnets, and digital espionage.
Stay vigilant. What happens to Taiwan might be a blueprint for what’s to come elsewhere.


