Infosecurity

Taiwan Charges Two Businessmen for Allegedly Helping Chinese Espionage Campaign

Published

on

Two Taiwanese Executives Accused of Feeding Accounts to Chinese Hackers

Taiwanese prosecutors have formally charged two local businessmen for allegedly running a company that supplied hacked messaging accounts to Chinese state-backed cyber operators. The case, announced Tuesday by Taiwan’s Ministry of Justice Investigation Bureau, adds a concrete legal dimension to what researchers describe as a sprawling, years-long phishing campaign.

The suspects are accused of collecting and leasing accounts for LINE, the dominant messaging app in Taiwan and much of East Asia. Investigators say the accounts were rented to Xiamen Empress Information Technology, a Chinese firm they link to the Chinese Communist Party’s cyber apparatus, for roughly 1,100 yuan ($162) per account. The goal was simple: impersonate real journalists to trick politicians, academics, and activists into downloading malware.

The Fake Reporter Trap: How the Scheme Worked

According to the bureau, the company’s director gathered LINE accounts registered with Taiwanese mobile numbers — a crucial detail, because locals trust numbers from their own country. Chinese operators then used those accounts to pose as reporters from outlets including the International Consortium of Investigative Journalists (ICIJ).

The fake journalists would request interviews or ask targets to contribute articles. Standard phishing fare. But the twist came next: the attackers pushed a fake encrypted communications app, claiming it was needed to protect sources. Instead, it deployed malware designed to take over the victim’s computer.

Prosecutors searched the company’s offices and other locations during two operations earlier this year. This week, they issued deferred prosecution orders against the two executives, charging them with violations of Taiwan’s Personal Data Protection Act and other offenses.

A Campaign Backed by Research

The charges line up with findings published earlier this year by the ICIJ and researchers at The Citizen Lab, based at the University of Toronto. That report documented a Beijing-linked phishing campaign targeting journalists, democracy activists, and members of Uyghur, Tibetan, Hong Kong, and Taiwanese communities abroad.

The Citizen Lab said the operation relied on more than 100 malicious internet domains over nine months. The researchers noted something else unusual: mistakes in some phishing emails suggested the attackers may have used artificial intelligence to automate message generation and target selection. It’s a sign that even state-backed hackers are experimenting with AI tools to scale their operations.

“The attackers noted that journalists routinely use secure messaging tools to protect confidential sources and encouraged victims to download the fake software,” the Investigative Bureau said in its statement.

Why LINE Accounts Were the Key

LINE is deeply embedded in Taiwanese daily life — used for everything from work chats to family groups. A message from a local number on LINE carries instant credibility. By renting accounts that already had Taiwanese registrations, the Chinese operators bypassed the first line of suspicion.

For about $162 per account, they got a digital identity that felt real. It’s a low-cost, high-impact tactic. The suspects allegedly acted as middlemen, collecting the accounts and selling access to the Chinese firm. Prosecutors did not name the company or the executives, citing ongoing investigations.

China’s Denials and the Broader Context

Beijing has repeatedly denied conducting cyber-espionage against foreign governments and civil society organizations. The Chinese foreign ministry did not immediately respond to a request for comment on the Taiwanese charges.

But the case is part of a pattern. Over the past two years, researchers have documented multiple campaigns using stolen or rented messaging accounts to target Taiwanese officials and pro-democracy activists. The use of fake journalist personas is particularly insidious — it exploits the trust that reporters rely on to do their jobs.

The charges also come amid heightened tensions between Taiwan and China. Taipei has increasingly cracked down on what it calls “cross-strait espionage networks” operating through shell companies and tech intermediaries.

What’s Next for the Accused?

The two businessmen face potential prison time if convicted under Taiwan’s Personal Data Protection Act, which carries penalties of up to five years for serious violations involving organized crime or foreign intelligence ties. The deferred prosecution orders suggest they may be cooperating with investigators.

The case serves as a warning to companies operating in gray areas: renting out local digital identities to foreign entities — even if disguised as legitimate business — can land executives in criminal court. And for the rest of us, it’s a reminder that not every friendly message from a local number is what it seems.

For more on how to spot phishing attempts, check out our guide on identifying fake journalist outreach. And if you’re a journalist or activist using secure messaging apps, consider reading our breakdown of safe communication tools for high-risk environments.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

Exit mobile version