Taiwan-based hacking group engages in persistent cyberattacks against Chinese mainland: cybersecurity firm
Published: Mar 18, 2025 12:30 AM
Photo: The revealed members include Lin Yushu, born in 1979, head of the Network Environment Research and Analysis Center of the "Information, Communications and Electronic Force Command", and Cai Jiehong, born in 1993, team leader of the center, while Nian Xiaofan, born in 1982, and Wang Haoming, born in 1990, are active personnel at the center.

China's Ministry of State Security (MSS) published an article on Monday through its official WeChat account, revealing details about four members of the "Information, Communications and Electronic Force Command" (ICEFCOM) linked to "Taiwan independence" forces. A technical expert from the Chinese cybersecurity company Qi-Anxin Group told the Global Times that APT organizations from the island of Taiwan have been persistently deploying various cyber weapons in large-scale attacks.

The MSS said that, in recent years, state security authorities have rigorously monitored and investigated cyberattacks and infiltration activities carried out by ICEFCOM, and have identified multiple individuals involved in planning, directing and executing these operations.

Through years of monitoring and tracking, Qi-Anxin has identified the "Poison Vine group" (APT-Q-20), a Taiwan-based organization, as actively targeting government, military, defense and scientific research institutions in the Chinese mainland. The group relies on spear-phishing emails and watering hole attacks, among other methods, to carry out its APT campaigns.

A recent report released by Qi-Anxin indicates that from 2018 to 2025, APT-Q-20 has set up look-alike copies, at scale, of the most widely used social-media platforms and email systems on the Chinese mainland, as well as of government agency, military and university websites. The goal is to harvest personal data, such as login credentials, for subsequent intelligence theft in the mainland, the report stated.

The report details two primary attack vectors: phishing website attacks and phishing email attacks. In email attacks, the organization impersonates entities such as professionals from think tanks, military-civil fusion industrial parks, military magazines, civil service recruitment agencies, and defense contractors.
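The phishing-site pattern described above (copies of mail, government and university sites hosted on freshly registered domains) is usually caught on the defender's side by screening new-domain feeds for names that imitate protected sites. The following is an added example, not code from the article or from Qi-Anxin's report. Every domain name in it is a constructed placeholder, the watched list, the homoglyph table and the tiny suffix list are assumptions made for the example, and a production version would load the full Public Suffix List instead.

```python
"""Lookalike-domain triage for a feed of newly registered domains.

Added example (not from the article or Qi-Anxin). All domains below are
constructed placeholders, not real attacker infrastructure.
"""

# Visually similar substitutions attackers use; multi-character ones first.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
              ("3", "e"), ("5", "s"), ("7", "t")]

# Stand-in for the Public Suffix List, most specific first (assumption:
# enough for the sample; production code should load the full list).
SUFFIXES = ("gov.cn", "edu.cn", "com.cn", "com", "cn", "org", "net")

# Legitimate sites to protect (hypothetical names).
WATCHED_DOMAINS = ["examplemail.com", "example-gov.gov.cn", "example-uni.edu.cn"]


def normalize(label):
    """Lower-case a DNS label, drop hyphens and fold common homoglyphs."""
    s = label.lower().replace("-", "")
    for bad, good in HOMOGLYPHS:
        s = s.replace(bad, good)
    return s


def levenshtein(a, b):
    """Edit distance, used to catch one-character typos of a watched label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain):
    """Split 'mail.example-gov.gov.cn' into (['mail'], 'example-gov', 'gov.cn')."""
    d = domain.lower().rstrip(".")
    for suf in SUFFIXES:
        if d.endswith("." + suf):
            parts = d[: -len(suf) - 1].split(".")
            return parts[:-1], parts[-1], suf
    parts = d.split(".")  # unknown suffix: assume a single-label TLD
    return parts[:-2], parts[-2], parts[-1]


def classify(domain, watched=WATCHED_DOMAINS):
    """Return ('legit' | 'lookalike' | 'clean', matched watched domain or None)."""
    subs, label, suffix = split_domain(domain)
    targets = [(w, split_domain(w)) for w in watched]
    # Pass 1: the candidate is a watched registrable domain itself, or a subdomain of one.
    for legit, (_, llabel, lsuffix) in targets:
        if label == llabel and suffix == lsuffix:
            return "legit", legit
    # Pass 2: imitation heuristics against the normalized brand label.
    nlabel = normalize(label)
    for legit, (_, llabel, _) in targets:
        brand = normalize(llabel)
        if nlabel == brand:  # same brand on another suffix, or homoglyph swap
            return "lookalike", legit
        if len(brand) >= 6 and levenshtein(nlabel, brand) <= 1:  # typosquat
            return "lookalike", legit
        if brand in nlabel or any(brand in normalize(s) for s in subs):
            return "lookalike", legit  # brand plus lure word, or brand as a subdomain
    return "clean", None


def triage(feed, watched=WATCHED_DOMAINS):
    """Classify a feed and return only the (domain, imitated site) pairs worth an analyst's time."""
    hits = []
    for d in feed:
        verdict, legit = classify(d, watched)
        if verdict == "lookalike":
            hits.append((d, legit))
    return hits


SAMPLE_FEED = [  # constructed feed of "newly registered" names
    "examplemail.com",                          # the real site
    "mail.example-gov.gov.cn",                  # legitimate subdomain
    "examplemail.cn",                           # same brand, different suffix
    "exarnplemail.com",                         # rn -> m homoglyph
    "examp1email.net",                          # 1 -> l homoglyph
    "example-gov-login.cn",                     # brand plus lure word
    "example-uni.edu.cn.account-verify.com",    # brand hidden in a subdomain
    "weather-report.net",                       # unrelated
]

if __name__ == "__main__":
    for domain, imitated in triage(SAMPLE_FEED):
        print(f"{domain:45} imitates {imitated}")
```

The registrable-domain check in pass 1 runs over the whole watched list before any heuristic, so a legitimate subdomain is never flagged just because another watched brand is a substring of its label. Edit distance is only applied to brands of six characters or more; on short labels a distance of one produces far too many false positives.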

The report further shows that over 30 percent of the weaknesses the group exploits in attacks on Chinese mainland devices are weak passwords on routers, cameras, smart home devices and firewalls. Qi-Anxin emphasized the urgent need for individuals and enterprises to strengthen device security, in particular by replacing factory-default and easily guessed passwords with strong, unique ones.
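Weak-password attacks on routers, cameras and firewalls leave a recognisable trace in the device's authentication log: a burst of failed logins from one source, often followed by a success. The detection logic below is an added example, not code from the article or from Qi-Anxin. The log lines are constructed (RFC 5737 test addresses, OpenSSH-style messages with ISO 8601 timestamps as rsyslog writes them in RFC 3339 mode); the regular expression is an assumption to be adjusted to the real device's format.

```python
"""Brute-force and password-spray detection over authentication log lines.

Added example (not from the article or Qi-Anxin). The log lines are
constructed; LINE_RE matches an assumed OpenSSH-style message format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

SAMPLE_LOG = [  # constructed
    "2025-03-17T09:00:00 gw sshd[4101]: Failed password for admin from 203.0.113.5 port 51001 ssh2",
    "2025-03-17T09:00:03 gw sshd[4102]: Failed password for invalid user user from 203.0.113.5 port 51002 ssh2",
    "2025-03-17T09:00:06 gw sshd[4103]: Failed password for root from 203.0.113.5 port 51003 ssh2",
    "2025-03-17T09:00:09 gw sshd[4104]: Failed password for admin from 203.0.113.5 port 51004 ssh2",
    "2025-03-17T09:00:12 gw sshd[4105]: Failed password for admin from 203.0.113.5 port 51005 ssh2",
    "2025-03-17T09:00:15 gw sshd[4106]: Accepted password for admin from 203.0.113.5 port 51006 ssh2",
    "2025-03-17T09:10:00 gw sshd[4200]: Failed password for alice from 198.51.100.7 port 40001 ssh2",
    "2025-03-17T09:10:20 gw sshd[4201]: Accepted password for alice from 198.51.100.7 port 40002 ssh2",
    "2025-03-17T09:30:00 gw sshd[4300]: Failed password for admin from 192.0.2.10 port 33001 ssh2",
    "2025-03-17T09:45:00 gw sshd[4301]: Failed password for admin from 192.0.2.10 port 33002 ssh2",
    "2025-03-17T10:00:00 gw sshd[4302]: Failed password for admin from 192.0.2.10 port 33003 ssh2",
    "2025-03-17T10:15:00 gw sshd[4303]: Failed password for admin from 192.0.2.10 port 33004 ssh2",
    "2025-03-17T10:30:00 gw sshd[4304]: Failed password for admin from 192.0.2.10 port 33005 ssh2",
]


def parse(line):
    """Parse one line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "ok": m["result"] == "Accepted",
            "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold=5, window_s=60):
    """Return alerts as (kind, ip, detail) tuples.

    'bruteforce' fires when one source accumulates `threshold` failures within
    `window_s` seconds (detail = number of distinct usernames tried, which
    separates password spraying from guessing one account); 'success-after-bruteforce'
    fires when that source later authenticates, i.e. a weak password was probably guessed.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    tried = defaultdict(set)      # ip -> usernames attempted
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue              # not an auth event, or a format we do not parse
        ip, ts = ev["ip"], ev["ts"]
        if ev["ok"]:
            if ip in flagged:
                alerts.append(("success-after-bruteforce", ip, ev["user"]))
            continue
        tried[ip].add(ev["user"])
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged.add(ip)
            alerts.append(("bruteforce", ip, len(tried[ip])))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The slow source 192.0.2.10 (one failure every 15 minutes) stays below the threshold with the default 60-second window and only shows up when the window is widened to an hour, which is the trade-off to tune per device: a long window catches low-and-slow guessing but also collects more noise from users who simply mistype their password.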

A Qi-Anxin technical expert told the Global Times that Taiwan's APT attacks are relatively unsophisticated, relying on simple network weapons and even brute-force attacks on weak passwords across various network devices in the mainland.

But the APT organization has been registering new domain names and buying servers to carry out phishing attacks for 15 years, Qi-Anxin said. With rising geopolitical tensions, the frequency of APT attacks aimed at espionage and intelligence theft is expected to increase. 'We must remain vigilant against the ongoing threat posed by Taiwan-based APT organizations,' the expert warned.
