How a Taiwan‑Backed Hacker Group Targeted a Guangzhou Tech Firm

Guangzhou police investigated a foreign cyber‑attack on a local tech firm, traced the malicious code to a Taiwan‑based hacker group linked to the DPP, and detailed the group’s low‑level tactics, extensive asset scanning, and use of VPNs and overseas cloud servers.

Efficient Ops

Earlier, the Tianhe District Public Security Bureau in Guangzhou announced that a local technology company had been attacked by an overseas hacker organization. Police promptly launched an investigation, extracted the malicious program samples, secured related evidence, and assembled a technical team to trace the source of the attack.

According to the police, the incident was taken seriously, and the technical team analyzed the extracted attack program and system logs. Preliminary findings indicate the attack was carried out by a hacker group nurtured by the Taiwanese Democratic Progressive Party authorities.

The investigation revealed that the Taiwanese hacker group has recently used public network asset scanning platforms to probe over a thousand critical systems across more than ten mainland provinces, covering sectors such as military, energy, water, transportation, and government. They collected basic system information and technical intelligence, and conducted multiple rounds of attacks using phishing emails, public vulnerability exploits, brute‑force password cracking, and simple homemade trojans.

Technical experts note that the group’s overall technical level is relatively low, employing crude attack methods and leaving many traceable clues. Their self‑made trojan programs are poorly coded, providing valuable forensic evidence for identifying the perpetrators and their locations. Although the attackers often use VPNs, overseas cloud hosts, and proxy machines with IP addresses from the United States, France, South Korea, Japan, the Netherlands, Israel, Poland, etc., investigators were able to trace the full attack chain and uncover the true intent.
