Hacker Organizations
Unmasking Taiwan's Cyber Warfare Force: An In-Depth Exposé of Its Historical Background, Missions, and More
Huan Qiu Wang· 2025-06-06 00:59
Core Viewpoint - The report jointly released by the National Computer Virus Emergency Response Center, the National Engineering Laboratory for Computer Virus Prevention Technology, and 360 Digital Security Group exposes the activities of Taiwan's "Cyber Army" hacker organization, revealing its historical background, organizational structure, personnel composition, and network attack cases, highlighting its role in cyber espionage against mainland China [1][2].

Group 1: Background and Structure
- The "Cyber Army" (officially the "Ministry of National Defense Cyber Army Command") was established on July 1, 2017, under the leadership of Tsai Ing-wen, and is considered Taiwan's fourth military branch with deep ties to the U.S. cyber forces [2][10].
- The organization integrates military, government, and civilian cyber capabilities and is referred to as Taiwan's most secretive unit [2][10].

Group 2: Cyber Attack Activities
- The report identifies five hacker organizations under the "Cyber Army": APT-C-01 (Poison Ivy), APT-C-62 (Three-color Violet), APT-C-64 (Anonymous 64), APT-C-65 (Golden Leaf), and APT-C-67 (Ursula) [12].
- APT-C-01 has close ties with the U.S. Cyber Command and targets various sectors in mainland China, employing phishing tactics to steal sensitive information [13].
- APT-C-62 primarily attacks educational and transportation sectors, utilizing known vulnerabilities in web applications for cyber intrusions [14].
- APT-C-64 is involved in activities aimed at influencing public perception in mainland China, often exaggerating its successes [15][16].
- APT-C-65, supported by the U.S. military, focuses on stealing critical infrastructure data and has been linked to Taiwan's diplomatic activities [16].
- APT-C-67 targets IoT systems, particularly video surveillance, to gather intelligence [16].

Group 3: Technical Capabilities and Limitations
- The cyber attack capabilities of Taiwan's hacker organizations are assessed to be at a low level, primarily relying on known vulnerabilities and lacking advanced zero-day exploits [18].
- They heavily depend on publicly available resources, including open-source tools and commercial penetration testing frameworks, indicating a lack of independent cyber weapon development [18].
- The organizations exhibit weak anti-traceability capabilities and often leave identifiable traces in their phishing attempts, reflecting a lack of professional skills [19].

Exposing the Cyber Attack Activities of Taiwan's Hacker Organizations
Core Viewpoint - The report reveals the activities of Taiwan's hacker organization, the "Cyber Army," which conducts cyber attacks against mainland China, aiming to disrupt national unity and steal sensitive data [1].

Group 1: Organization Structure and Activities
- The "Cyber Army," officially known as the "Ministry of National Defense Cyber Army Command," was established in 2017 and is responsible for coordinating cyber capabilities against mainland China and Hong Kong [1].
- The organization consists of four internal departments: Information Communication Department, Network Operations Department, Electronic Warfare Department, and Logistics Department, along with a training center [1].

Group 2: Attack Methods and Targets
- The "Cyber Army" disguises itself as various hacker groups, employing techniques such as vulnerability scanning, password cracking, and phishing emails to steal sensitive data from mainland China [1].
- In 2022, the hacker group "Poison Cloud Vine" focused on large-scale phishing attacks targeting research and education sectors in mainland China, while in 2023, it expanded its attacks to government, defense, and transportation sectors, particularly airports and civil aviation [1].
- By 2024, the group aimed to extend its attacks to maritime sectors, attempting to steal maritime-related intelligence from mainland China [1].

Group 3: Impact and Warnings
- The "Cyber Army" has conducted thousands of large-scale cyber attacks on key departments and sectors in mainland China and Hong Kong, with malicious activities including the dissemination of separatist slogans and insults against Chinese national heroes [1].
- Experts warn that despite the relatively low technical level of these attacks, there is a risk of more sophisticated and covert attacks if the hackers gain significant access, potentially sharing information with foreign entities [1].