ArchiveOODA Original

Will China Replicate Russia’s Cyber Offensives in a Taiwan Reunification?

The current situation in the Ukraine has garnered the world’s attention with stakeholders watching attentively as the crisis unfolds. Such regional hotspots have the potential of spilling over into neighboring countries and pulling in governments from all over the world in some capacity. The threat of armed conflict escalating into a major global engagement is always a possibility. China and Taiwan are eagerly watching the crisis as well, but largely for different reasons. While Taiwan is interested to see how friendly governments come to Ukraine’s aid, China is observing how Russia may go about reclaiming territory of the former Soviet Union, in the attempts of gaining insight into how such an act can be accomplished successfully, should Moscow do just that.

The Russia-Ukraine situation bears striking similarities to longstanding issues between China and Taiwan. Both scenarios feature a larger, stronger government seeking to claim territory that was formerly under its historical control. And while both boast some of the largest, most advanced militaries, it’s their cyber capabilities that have been discussed frequently in the press. Both China and Russia are highly cyber-capable, with a well-resourced and well-financed cyber apparatus in place able to conduct myriad types of attacks, from the most rudimentary to the most sophisticated. They also both have access to eager nationalistic and patriotic communities ready to be leveraged to support their respective government’s interests. However, while China has used its cyber capabilities primarily to support intelligence collection and intellectual property theft, Russia has been more ambitious trying to figure out how to implement more aggressive cyber attacks into real-world conflicts in which it seeks to achieve a strategic objective.

Many U.S. government officials expect that Russia will execute disruptive cyber attacks against key critical infrastructure targets like energy, finance, and telecommunications prior to executing an invasion in an attempt to incite civil unrest, confusion, and cause the Ukrainian government to divide its attention. Russia has been on the forefront of using cyber attacks during periods of geopolitical conflict from 2007 distributed denial-of-service attacks against Estonia to the 2017 NotPetya ransomware attack that first affected key Ukrainian targets, and several incidents in between. Moscow has achieved varying levels of success during these engagements where it has implemented cyber and information-enabled attacks into its hybrid warfare strategy. With each conflict, Moscow has learned what has worked and what has not, improving how to deploy these offensives against targets culminating in its successful annexation of Crimea in 2014. Follow on cyber and information-enabled operations in the form of disruptive attacks against Ukraine continued on this path. Looking at the current situation, further refinements will likely be exhibited should Russia decide to use military action. There may be no more interested party than Beijing should this happen.

If Ukraine has been a “test bed” for Russian cyber malfeasance, so has Taiwan at the hands of China. Taiwan has been a frequent target of Chinese-initiated malicious cyber activity that has ranged from nuisance type attacks such as web-page defacements, to information theft to support espionage or intellectual property theft, to more disruptive attacks. According to Taiwan officials in 2021, Taiwan faced approximately 5 million cyber attacks a day with nearly half originating from mainland China, though what they considered an attack was not shared, nor were the types of attacks that were recorded. Beijing has demonstrated a full-scope cyber capability and has long been considered the most pervasive cyber actor conducting global cyber campaigns.  According to a 2021 Annual Threat Assessment published by the U.S. Intelligence Community, China – not Russia – was the bigger threat, a determination swayed in part by China’s prolific cyber initiatives. Indeed, Chinese President Xi Jinping promised to make China a cyber superpower in 2014. Per a 2021 report on states’ core cyber prowess, Xi is making good on his promises as China was ranked close behind the United States.

Some other notable examples of China-attributed cyber activity against Taiwan include but are not limited to:

  • According to a leading computer security company, between 2020 and 2021, a China-linked state-sponsored actor ran an espionage campaign targeting financial institutions and one manufacturing company in Taiwan.
  • In 2020, Taiwan government linked a series of hacking attacks to groups affiliated with the Chinese government. The cyber espionage activity targeted at least 10 Taiwan government agencies, affecting 6,000 Taiwan government officials’ accounts in order to steal important data.
  • Also in 2020, Chinese government-linked hackers targeted Taiwan’s CPC Corporation, a state-owned petroleum, natural gas, and gasoline company impacting customers’ ability to purchase fuel. In addition, 10 other critical infrastructure entities were targeted by these hackers. Taiwan government investigative agency determined that these organizations had been targeted by ransomware.
  • A Taiwanese cybersecurity company identified Chinese cyber activity stealing source code, chip designs, and other intellectual property from at least seven Taiwanese chip firms over a two-year period. The company indicated potential ties to the Chinese government but stopped short of direct accusation.

Whether purposefully or not, there is evidence indicating that China may have already followed Russia’s lead in getting accesses to targets of interest for follow-on operations. Recent revelations of China’s exploitation of India’s energy sector suggest that China is not only focused on cyber espionage for political and economic advantage, but also creating and maintaining accesses that could be used to facilitate more damaging attacks. Some have considered a power outage in Mumbai may have been a result of a Chinese executed cyber attack, although India denied the allegations.

Given that at least some of Taiwan’s critical infrastructure is connected to the Internet, experts firmly believe that China has already infiltrated key critical infrastructure networks that would enable Beijing to execute disruptive and/or destructive cyber attacks ahead of any invasion of the island. This would be consistent for Beijing who has developed various plans ranging from full military invasion to non-kinetic capture to accomplish this very goal. As a “first strike” weapon, cyber attacks would support either action against Taiwan, though they would have to be executed timely, using the right types of attacks (e.g., disruptive, destructive, influence, propaganda) and against the right targets. This is where Russia’s past experience has been an invaluable resource, and why their use of cyber and information-enabled attacks now will further aid Beijing’s understanding of what can be accomplished using these tools and to what degree they should be relied upon in its own territory reclamation effort. Effective cyber disruption, cyber destruction, propaganda, and internal and external influence messaging all must work in strategic harmony, a difficult feat to achieve. If and when Beijing pulls the trigger on Taiwan, it will so having been informed by the blueprint Moscow has provided. But as its own architect, Beijing will tailor it to suit its own needs.


Become A Member

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.

You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.

For more information please click here. Thanks!

Already a member?  Sign in to your account.

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency


The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

Resources for the C-Suite and Crisis Management Team on Ukraine:

Twitter List For Tactical Information: This Twitter list of vetted resources that have reported accurately on tactical moves in the Ukrainian theater can be used to quickly capture the gist of a dynamic military situation.

C-Suite Guide: Improving Cybersecurity Posture Before Russia Invades Ukraine: The capabilities of Russia to conduct cyber espionage and cyber attack have been battle tested and are hard to thwart even during daily “peacetime” operations. They include well resourced capabilities of the military and intelligence services and also deep technical expertise in the Russian business ecosystem and in organized crime which operates as part of Russian national power. Proof points of Russian capabilities include the massive and sophisticated Solar Winds attacks which leveraged low and slow, well thought out plans to achieve access to multiple well-protected targets. Ransomware successes by Russian based criminal networks are also instructive as to the capability of Russian cyber threat actors. The use of malicious self replicating code (worms/virus/trojan) to spread malicious code into infrastructure is also well proven with decades of practice including fielding software that replicates from unclassified to classified systems in the military and spreads throughout critical infrastructure. This post goes beyond an articulation of the threat into recommendations leaders seeking to mitigate cyber threats from Russia including threats before, during and after a Ukraine invasion.

What The C-Suite Needs To Know About The Threat To Space Based Systems (and what to do about it): OODA recently updated the analysis below on threats to space based assets (with a focus on what the C-Suite needs to know) because of tensions with Russia and continued testing of satellite destruction capabilities the most recent of which (Nov 2021) caused significant increases in dangerous space debris.  We recommend this be read in conjunction with our report on what the C-Suite needs to know about the cybersecurity threats due to the coming Russian invasion of Ukraine, see links in the document for more.

Will China Replicate Russia’s Cyber Offensives in a Taiwan Reunification?: The current situation in the Ukraine has garnered the world’s attention with stakeholders watching attentively as the crisis unfolds. Such regional hotspots have the potential of spilling over into neighboring countries and pulling in governments from all over the world in some capacity. The threat of armed conflict escalating into a major global engagement is always a possibility. China and Taiwan are eagerly watching the crisis as well, but largely for different reasons. While Taiwan is interested to see how friendly governments come to Ukraine’s aid, China is observing how Russia may go about reclaiming territory of the former Soviet Union, in the attempts of gaining insight into how such an act can be accomplished successfully, should Moscow do just that.

A Warning for the U.S. Chip Industry: Russian Retaliation Could Hit Supply of Key Materials: Russia may retaliate against the U.S. threat of trade sanctions and export curbs by blocking access to key materials like neon and palladium. Ukraine supplies over 90% of U.S. semiconductor-grade neon. This type of supply chain-based retaliation has become a priority concern for the White House, which is encouraging a broad diversification of the supply chain in the event Russia limits access to these key materials.

In 2022, the Strategic Impact of Global Intermodal Supply Chain Gridlock on IT Supply Chain Remains High: The OODA Loop Research Team has been tracking the impact on supply chains from the onset of the pandemic.

Russia’s Long Game, Leadership Lessons, and Learning from Failure: In February of 2021, Matt Devost spoke to Rob Richer, a highly regarded advisor to international executives and global government leaders including several heads of state. Rob has a well-informed perspective on international risks and opportunities and an ability to analyze and distill observations in a way that is meaningful for your decision-making process. In light of the conditions in Europe, this portion of their initial OODAcast conversation is timely and includes a discussion of Richer’s time as the head of CIA Russian Operations, his perspective on U.S./Russian relations (especially the role of cyber), leadership, the role of failure, and decision-making.

Charity Wright on China’s Digital Colonialism: Charity Wright is a Cyber Threat Intelligence Analyst with over 15 years of experience at the US Army and the National Security Agency, where she translated Mandarin Chinese. Charity now specializes in dark web cyber threat intelligence, counter-disinformation, and strategic intelligence at Recorded Future. Her analysis has provided deep insights into a variety of incidents, activities and strategic moves by well resourced adversaries, primarily actors operating in China.

The January 2022 OODA Network Member Meeting: Putin, Russia, Gray Zone Conflict Capabilities and The Future of Europe: To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs.

CISA Insights Bulletin Urges U.S. Preparation for Data Wiping Attacks :In what felt like coordinated attacks last Friday, data-wiping malware (masquerading as ransomware) hit Ukrainian government organizations and was quickly followed by an aggressive unattributed cyber attack on Ukrainian government sites. The attacks prompted the release of a CISA Insights Bulletin urging U.S. organizations to strengthen their cybersecurity defenses.

Additional Context on OODA Reporting on Russia’s Military-Technical Maneuvers in Europe: We are conscious of our need to keep our usual variety of News Brief and OODA Analysis, but for obvious reasons, this week is top-heavy with Russian, NATO, and Ukrainian coverage. We intend on keeping our focus on providing context you need vice the blow by blow of major moves. Like in other domains we endeavor to provide the “So What?” and “What’s Next?” you need to help drive your decisions.

OODA Research Report- The Russian Threat: This special report captures insights into the capabilities and intent of the Russian Threat, with a special focus on the cyber domain. Our objective: provide insights that are actionable for business and government leaders seeking to mitigate risks through informed decisions.

Emilio Iasiello

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.