Core Viewpoint
- The report jointly released by the National Computer Virus Emergency Response Center, the National Engineering Laboratory for Computer Virus Prevention Technology, and 360 Digital Security Group exposes the activities of Taiwan's "Cyber Army" hacker organization, revealing its historical background, organizational structure, personnel composition, and network attack cases, highlighting its role in cyber espionage against mainland China [1][2].

Group 1: Background and Structure
- The "Cyber Army" (officially the "Ministry of National Defense Cyber Army Command") was established on July 1, 2017, under the leadership of Tsai Ing-wen, and is considered Taiwan's fourth military branch with deep ties to the U.S. cyber forces [2][10].
- The organization integrates military, government, and civilian cyber capabilities and is referred to as Taiwan's most secretive unit [2][10].

Group 2: Cyber Attack Activities
- The report identifies five hacker organizations under the "Cyber Army": APT-C-01 (Poison Ivy), APT-C-62 (Three-color Violet), APT-C-64 (Anonymous 64), APT-C-65 (Golden Leaf), and APT-C-67 (Ursula) [12].
- APT-C-01 has close ties with the U.S. Cyber Command and targets various sectors in mainland China, employing phishing tactics to steal sensitive information [13].
- APT-C-62 primarily attacks educational and transportation sectors, utilizing known vulnerabilities in web applications for cyber intrusions [14].
- APT-C-64 is involved in activities aimed at influencing public perception in mainland China, often exaggerating its successes [15][16].
- APT-C-65, supported by the U.S. military, focuses on stealing critical infrastructure data and has been linked to Taiwan's diplomatic activities [16].
- APT-C-67 targets IoT systems, particularly video surveillance, to gather intelligence [16].

Group 3: Technical Capabilities and Limitations
- The cyber attack capabilities of Taiwan's hacker organizations are assessed to be at a low level, primarily relying on known vulnerabilities and lacking advanced zero-day exploits [18].
- They heavily depend on publicly available resources, including open-source tools and commercial penetration testing frameworks, indicating a lack of independent cyber weapon development [18].
- The organizations exhibit weak traceability and often leave identifiable traces in their phishing attempts, reflecting a lack of professional skills [19].
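
Unveiling the true face of Taiwan's cyber warfare force: an in-depth exposure of its historical background, missions, and other information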
Huan Qiu Wang·2025-06-06 00:59