After a technology company in Guangzhou was attacked by an overseas hacker organization, the public security organ immediately organized a technical team to conduct technical analysis and traceability of the extracted attack program and system log, and initially found out that the network attack suffered by the company was committed by a hacker organization sponsored by the Democratic Progressive Party authorities in Taiwan, China, China. On May 20th, Tianhe District Branch of Guangzhou Public Security Bureau issued a police report stating that a technology company in Guangzhou was attacked by a foreign hacker organization. The public security organs immediately launched an investigation, extracted relevant attack program samples, comprehensively fixed relevant evidence involved in the case, and organized a professional technical team to conduct technical traceability. According to police investigations, the Taiwanese hacker group has frequently used public network asset detection platforms in recent years to conduct large-scale network asset investigations on more than 1000 important network systems (involving military, energy, hydropower, transportation, government, etc.) in more than 10 provinces in mainland China. They have collected basic information and technical intelligence of related systems, and carried out multiple rounds of network attacks through low-end attack methods such as sending phishing emails, publicly exploiting vulnerabilities, brute force password cracking, and self-made simple Trojan horse programs. Especially since last year, the Taiwanese hacker organization has significantly increased the scale and frequency of attacks against targets within our country, with obvious intentions of harassment and destruction, and extremely malicious intentions. Technical experts say that the overall technical level of this Taiwanese hacker organization is relatively low, with simple and crude attack methods and a wide range of attacks. It has been detected multiple times by my network protection system monitoring. Its self-made trojan program programming level is low, leaving many criminal clues that can be traced back, which provides favorable conditions for the police to find out the criminal facts, lock the suspect and its online location. Technical analysis shows that although it frequently utilizes network assets such as VPN proxies, overseas cloud hosts, and puppet machines to carry out network attacks through a large number of IP addresses from countries such as the United States, France, South Korea, Japan, the Netherlands, Israel, Poland, etc., with the intention of concealing its true source of attack, it is not difficult to investigate the entire process and true intentions of the hacker organization in carrying out network attack crimes through network investigation. (New Society)