The Cybersecurity Club Newsletter
🚨WK 02: Taiwan Cyberattack surges, Salt Typhoon hits Australia’s Critical Infrastructure, China Hacked U.S. Congressional Committee Staff Emails, WhatsApp Worm Spreads Astaroth Banking Malware
Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

Taiwan Cyberattack Surge on Energy Infrastructure
Taiwan’s National Security Bureau (NSB) warns that Chinese-linked cyberattacks on the island’s critical infrastructure surged in 2025, with a tenfold increase in targeting of the energy sector compared to the previous year. Across nine key infrastructure categories — including energy, emergency services, hospitals, finance, and transportation — Taiwan recorded an average of 2.63 million intrusion attempts per day, up significantly from prior years. The energy sector led the growth, far outpacing other categories, and attacks were often synchronized with Chinese military exercises and politically sensitive events. NSB analysts characterize these operations as part of a broader hybrid warfare strategy, employing a range of tactics such as exploitation of system vulnerabilities, distributed denial-of-service (DDoS) attacks, supply-chain intrusions, and social engineering to probe and disrupt essential services.
Key Points
Chinese-linked intrusion attempts against Taiwanese infrastructure averaged 2.63 million per day in 2025.
Energy sector attacks increased tenfold year-over-year, outpacing other critical sectors.
Attacks were often correlated with military drills and political events, suggesting strategic timing.
NSB attributes operations to coordinated use of multiple malicious methods: vulnerability exploitation, DDoS, social engineering, and supply-chain compromise.
This surge forms part of a broader hybrid threat campaign to pressure Taiwan’s government and infrastructure resilience.

💻 Malware and Vulnerabilities
Radware Uncovers ZombieAgent Malware: Radware reveals ZombieAgent, a newly discovered malware strain focused on stealthy persistence and command-and-control capabilities across compromised systems.
CISA Warns of Actively Exploited ICS Vulnerabilities: CISA issues an advisory on industrial control system flaws that could enable disruption or sabotage, urging immediate mitigation by asset owners.
WhatsApp Worm Spreads Astaroth Banking Trojan: Researchers report a self-propagating WhatsApp worm distributing the Astaroth banking malware through malicious messages and social engineering tactics.
Malicious Chrome Extensions Caught Stealing User Data: Two Chrome browser extensions were found abusing permissions to harvest sensitive data, renewing concerns about extension store security.
Cybercriminals Abuse Google Cloud Email Services: Threat actors are leveraging Google Cloud email infrastructure to distribute phishing campaigns while evading traditional detection controls.
📈 Breaches and Incidents
China Hack Targets U.S. Congressional Committee Staff Email: Reuters reports that China-linked hackers compromised email systems used by U.S. congressional staff, intensifying concerns over foreign surveillance.
U.S. Gas Station Operator Suffers Data Breach: A breach at a U.S. gas station company exposed customer data, highlighting continued cyber risk across the energy and retail sectors.
California Urgent Care Clinic Reports Patient Data Breach: A healthcare provider disclosed a breach compromising Social Security numbers and medical information, adding to mounting healthcare cybersecurity concerns.
Ledger Confirms Customer Data Leak: Hardware wallet maker Ledger disclosed a customer data leak, reigniting concerns over targeted phishing and crypto user safety.
Investigator Exposes Users of White Supremacist Sites: A security researcher uncovered how poorly secured extremist websites exposed user identities, raising ethical and legal questions.
🚨 Threat Intel & Info Sharing
Taiwan Sees Tenfold Surge in Chinese Cyberattacks on Energy Sector: Taiwan reports a dramatic increase in China-linked cyber intrusions targeting its energy infrastructure in 2025, underscoring escalating pressure on critical services amid regional tensions.
Salt Typhoon Hackers Likely Inside Australia’s Critical Infrastructure: Australian officials assess that China-linked Salt Typhoon actors almost certainly compromised critical infrastructure networks, raising concerns over long-term espionage and persistence.
China’s Expanding Digital Footprint in the Arctic: Analysis highlights China’s growing cyber and digital influence in the Arctic through satellite systems and subsea cable infrastructure, signaling long-term strategic ambitions.
Claude Chrome Extension Poses Data Exposure Risk: Security researchers warn that an unofficial Claude-related Chrome extension could expose user data, highlighting emerging risks tied to AI tooling ecosystems.
Crypto Thefts Traced Back to 2022 LastPass Breach: Investigators link recent cryptocurrency thefts to credentials stolen during the 2022 LastPass breach, demonstrating the long-term fallout of password vault compromises.
GhostTapped Malware Targets Telecom Networks: Group-IB details GhostTapped, a Chinese-linked malware family designed to intercept communications within telecom environments through covert access mechanisms.
⚖️ Laws, Policies and Regulations
AI Reshaping Offensive Cyber Operations: A policy-focused analysis explores how artificial intelligence is transforming offensive cyber capabilities, accelerating attack speed and lowering barriers for adversaries.
Government Unveils New Cyber Action Plan: Officials announce a sweeping cyber action plan aimed at strengthening national resilience and improving public-private coordination.
Trump Pulls U.S. Out of International Cyber Organizations: The U.S. withdraws from several international cyber cooperation bodies, sparking debate over global coordination on cyber threats.
Illinois Man Charged in Snapchat Hacking Case: Federal prosecutors charge an Illinois man for allegedly hacking Snapchat accounts as part of a broader cybercrime investigation.
📊 Trends, Reports, Analysis
Telecommunications Sector Faces Rising Cyber Threats: A new report details escalating cyber risks to telecom providers, including espionage, ransomware, and infrastructure disruption.
Ransomware Continues to Batter U.S. Organizations: Emsisoft’s 2025 report finds ransomware remains widespread across U.S. public and private sectors despite improved defenses.
Predator iOS Malware Enables Covert Surveillance: A technical deep dive explains how Predator iOS malware functions as a full-scale surveillance framework targeting mobile devices.
