Taiwan Charges Businessmen in China-Linked Espionage Campaign Targeting Journalists and Politicians
Taiwanese authorities have indicted two local businessmen for their alleged role in a sophisticated cyber-espionage operation tied to the Chinese government. The campaign targeted a broad spectrum of individuals, including politicians, academics, and journalists, utilizing compromised messaging app accounts and custom malware to facilitate intelligence gathering.
Taiwan's **Ministry of Justice Investigation Bureau** announced charges against two executives for their involvement in a sprawling espionage campaign. The operation, allegedly linked to Chinese state-sponsored actors, focused on collecting intelligence from prominent Taiwanese figures and international journalists.
### LINE Accounts Leveraged for Deception
The suspects reportedly managed a company that procured and leased accounts for the popular messaging app, **LINE**, to operators connected with China's cyber forces. These accounts, registered with Taiwanese mobile numbers, were then used to impersonate international journalists, including reporters affiliated with the **International Consortium of Investigative Journalists (ICIJ)**.
Authorities allege that the goal was to establish trust with targets, under the guise of requesting interviews or article contributions, before deploying malware designed to compromise their computers.
### Investigation and Charges
Prosecutors conducted multiple investigative operations this year, culminating in searches of the company's offices and other locations. The two executives now face deferred prosecution orders and charges under Taiwan's **Personal Data Protection Act** and other offenses.
According to the bureau, the company's director facilitated the rental of **LINE** accounts to **Xiamen Empress Information Technology**, a Chinese firm that Taiwan claims has ties to the **Chinese Communist Party's** cyber operations. Each account was rented for approximately 1,100 yuan ($162).
### Malware Disguised as Secure Communication
The espionage campaign also incorporated malware cleverly disguised as encrypted communication software. Investigators noted that attackers exploited journalists' routine use of secure messaging tools, encouraging victims to download the fake software to compromise their systems.
### Corroborating Previous Findings
This case provides official corroboration for findings previously published by the **ICIJ** and researchers at **The Citizen Lab**. Earlier this year, they documented a wide-ranging, Beijing-linked phishing campaign targeting journalists, democracy activists, and members of Uyghur, Tibetan, Hong Kong, and Taiwanese communities abroad.
**The Citizen Lab** reported that the campaign utilized over 100 malicious internet domains across a nine-month period, primarily aiming to steal credentials and enable further espionage. Researchers also observed potential use of artificial intelligence in automating message generation and target selection, based on inconsistencies in some phishing emails.
China has consistently denied engaging in cyber-espionage against foreign governments and civil society organizations.