Taiwan Charges Businessmen in Chinese Espionage Campaign Using Leased LINE Accounts
Taiwanese prosecutors have charged two businessmen accused of leasing popular LINE messaging app accounts to Chinese intelligence operatives for espionage purposes.

Taiwanese authorities have brought charges against two local businessmen for their alleged role in facilitating a broad espionage campaign orchestrated by China. The suspects are accused of operating a company that collected and leased out accounts for the widely used LINE messaging application to operatives linked to China's cyber forces. This operation allegedly enabled Chinese intelligence to conduct surveillance and gather sensitive information.
According to Taiwan's Ministry of Justice Investigation Bureau, the company's director procured LINE accounts registered with Taiwanese mobile numbers. These accounts were then rented to Xiamen Empress Information Technology, a Chinese firm that Taiwanese authorities claim is affiliated with the Chinese Communist Party's cyber apparatus. The rental cost was approximately 1,100 yuan (about $162) per account. The bureau detailed that these leased accounts were used by Chinese operators to impersonate international journalists, including reporters associated with the International Consortium of Investigative Journalists (ICIJ).
The primary objective of this tactic was to establish trust with targets, which would then pave the way for the deployment of malware designed to compromise the victims' computers. Prosecutors initiated investigations earlier this year, conducting searches of the company's offices and other relevant locations. The deferred prosecution orders were issued this week against the two executives, who face charges related to violations of Taiwan's Personal Data Protection Act and other offenses.
Investigators revealed that the attackers leveraged the fact that journalists commonly employ secure messaging tools to protect their sources. They encouraged targets to download what they presented as encrypted communications software, which was in reality malware. This sophisticated social engineering approach aimed to deceive individuals into compromising their systems.
This case provides official corroboration for findings previously published by the ICIJ and researchers at The Citizen Lab. These earlier reports detailed a wide-ranging phishing campaign, attributed to Beijing, that targeted journalists, democracy advocates, and members of diaspora communities from Uyghur, Tibetan, Hong Kong, and Taiwan.
The Citizen Lab's research indicated that the campaign utilized over 100 malicious internet domains over a nine-month period, with the apparent goal of stealing credentials and enabling further espionage activities. The researchers also noted that certain errors in phishing emails suggested the potential use of artificial intelligence to automate message generation and refine target selection.
China has consistently denied engaging in cyber-espionage activities against foreign governments or civil society organizations. The ongoing investigation and charges in Taiwan highlight the persistent challenges in attributing and combating state-sponsored cyber operations that leverage sophisticated social engineering and the abuse of popular communication platforms.