Thegovernment of the People's Republic of China is engaged inespionage overseas, directed through diverse methods via theMinistry of State Security (MSS), theMinistry of Public Security (MPS), theUnited Front Work Department (UFWD),People's Liberation Army (PLA) via itsIntelligence Bureau of the Joint Staff Department, and numerousfront organizations andstate-owned enterprises. It employs a variety of tactics includingcyber espionage to gain access to sensitive information remotely,signals intelligence,human intelligence as well asinfluence operations throughunited front activity targetingoverseas Chinese communities and associations.^[1]

The Chinese government is also engaged inindustrial espionage aimed at gathering information and technology to bolster its economy, as well astransnational repression ofdissidents abroad such as supporters of theTibetan independence movement andUyghurs as well as theTaiwan independence movement, theHong Kong independence movement,Falun Gong,pro-democracy activists, and other critics of theChinese Communist Party (CCP).^[2][3][4] The United States alleges that the degree of intelligence activity is unprecedented in its assertiveness and engagement in multiple host countries, particularly the United States, with economic damages estimated to run into the hundreds of billions according to theCenter for Strategic and International Studies.

It is believed that Chinese espionage is aimed at preserving China's national security through gaining commercial, technological, and military secrets.^{[5][6][7][8][9][10][11][12]} The carriers of China's intelligence activities are diverse.^[13][14][15] The use of non-traditional intelligence assets is codified inChinese law. Article 14 of China's 2017National Intelligence Law mandates that Chinese intelligence agencies "may ask relevant institutions, organizations and citizens to provide necessary support, assistance and cooperation."^[16]Honey trapping andkompromat are also common tools of Chinese intelligence services.^[17]

Much of the information available to the public about the Chinese intelligence services comes from defectors, whom the PRC accuses of lying to promote an anti-PRC agenda.^{[18][19][20][21]} One known exception to this rule is the case ofKatrina Leung, who was accused of starting an affair with anFBI agent to gain sensitive documents from him. A U.S. judge dismissed all charges against her due toprosecutorial misconduct.^[22]

The United States believes the Chinese military has been developing network technology in recent years^[when?] to perform espionage on other nations. Several cases of computer intrusions suspected of Chinese involvement have been found in various countries, including Australia, New Zealand, Canada, France, Germany, the Netherlands, the United Kingdom, India and the United States.^[23][24][25]

In the aftermath of theShadow Network computer espionage operation, security experts claimed "targeting Tibetan activists is a strong indicator of official Chinese government involvement" since private Chinese hackers pursue economic information only.^[26] In 2009, Canadian researchers at theMunk Center for International Studies at the University of Toronto examined the computers at the personal office of theDalai Lama. Evidence led to the discovery ofGhostNet, a large cyber-spy network. Chinese hackers had gained access to computers possessed by government and private organizations in 103 countries, although researchers say there is no conclusive evidence China's government was behind it. Computers penetrated include those of theDalai Lama,Tibetan exiles, organizations affiliated with the Dalai Lama in India, Brussels, London and New York, embassies, foreign ministries and other government offices, and focus was believed to be on the governments ofSouth Asian andSoutheast Asian countries.^[27][28][29] The same researchers discovered a second cyberspy network in 2010. They were able to see some of the stolen documents that included classified material about Indian missile systems, security in severalIndian states, confidential embassy documents about India's relationships inWest Africa,Russia and theMiddle East, NATO forces travel inAfghanistan, and a years worth of the Dalai Lama's personal email. The "sophisticated" hackers were linked to universities in China. Beijing again denied involvement.^[30][31] In 2019, Chinese hackers posing asThe New York Times,Amnesty International and other organization's reporters targeted the private office of the Dalai Lama,Tibetan Parliament members, and Tibetan nongovernmental organizations, among others.Facebook andTwitter took down a large network of Chinese bots that was spreading disinformation about the2019–20 Hong Kong protests and a months long attack on Hong Kong media companies was traced to Chinese hackers.^[4][32]

Facial recognition andsurveillanceartificial intelligence (AI) technology developed inside China to identifyUyghurs, aMuslim minority,^[33] is now used throughout China, and despite securityconcerns over Chinese involvement in 5G wireless networks, is manufactured and exported worldwide by state ownedChina National Electronics Import & Export andHuawei to many countries, including Ecuador, Zimbabwe, Uzbekistan, Pakistan, Kenya, the United Arab Emirates, Venezuela, Bolivia, Angola and Germany.^[34] American companies and universities such asMIT andPrinceton are partnering with theRockefeller Foundation and theCalifornia Public Employees' Retirement System to fund Chinese surveillance and AI start-ups such asHikvision,SenseTime andMegvii, which sell less expensive versions of Chinese state developed artificial intelligence surveillance systems, although this is being curtailed somewhat due to the companies being declared national security threats andhuman rights violators by the US, andUS-China trade concerns.^{[35][36][37][38]} China invests in American AI startups and is starting to overtake the US in AI investment.^[39]

In July 2020, in its annual report,Germany's domestic intelligence agency, theFederal Office for the Protection of the Constitution, warned consumers that personal data they provide to Chinese payment companies or other tech firms such asTencent, Alibaba and others, could end up in the hands of China's government.^[40] In September 2020, a Chinese company,Shenzhen Zhenhua Data Technology came under the scanner worldwide for its big data and data mining and integration capacities and intentions related to its use.^[41] According to the information from the National Enterprise Credit Information Publicity System, which is run byState Administration for Market Regulation in China, the shareholders of Zhenhua Data Information Technology Co., Ltd. are two natural persons and one general partnership enterprise whose partners are natural persons.^[42] Wang Xuefeng, who is the chief executive and the shareholder of Zhenhua Data, has publicly boasted that he supports "hybrid warfare" through manipulation of public opinion and "psychological warfare".^[43]

The primary agencies involved in deploying operatives overseas are the Ministry of State Security and theIntelligence Bureau of the Joint Staff Department of theCentral Military Commission, both utilizingstate-owned enterprises and united front groups acting as front organizations for intelligence operatives disguised as legitimate employees.^[44] TheMinistry of Public Security is also involved in domestic counter-intelligence and overseas capture of fugitives, dissidents and corruption suspects through activities such asOperation Fox Hunt. The United Front Work Department is responsible for conducting political influence operations leveraging overseas Chinese diaspora and local political and economic elites while providing cover for intelligence agents.^[45][46][47]

Xinhua News Agency also collects and reports information on individuals and groups of interest for intelligence purposes.^[48] Xinhua reporters file certaininternal reports (neican) to CCP leadership from secure rooms in some Chinese embassies and consulates.^[49]

In 1939,Zhou Enlai espoused "nestling intelligence within theunited front" while also "using the united front to push forth intelligence."^[45] According to Australian analystAlex Joske, "the united front system provides networks, cover and institutions that intelligence agencies use for their own purposes." Joske added that "united front networks are a golden opportunity for Party's spies because they represent groups of Party-aligned individuals who are relatively receptive to clandestine recruitment."^[45]

In 2023,Chen Wenqing of the CCP'sCentral Political and Legal Affairs Commission directed partycadres and committees at all levels to "attach great importance to, concern themselves with, and support covert front work."^[86]

In January 2018,Le Monde reported that the headquarters of theAfrican Union, which had been constructed by theChina State Construction Engineering Corporation, had had its computer systems compromised between 2012 and 2017, with data from AU servers being forwarded toShanghai.^[87][88][89] The building's computer system was subsequently removed and the AU refused a Chinese offer to configure the replacement system.Le Monde alleged that the AU had then covered up the hack to protect Chinese interests in the continent.^[87][90]

China and the African Union have rejected the allegations.^[91] Ethiopian Prime MinisterHailemariam Desalegn rejected the French media report, saying that he doesn't believe it.^[92]Moussa Faki Mahamat, head of the African Union Commission, said the allegations in theLe Monde's report were false. "These are totally false allegations and I believe that we are completely disregarding them."^[93]

In 2020, Japan's Computer Emergency Response Team (CERT) reported that a suspected Chinese hacking organization, "Bronze President," had hacked and extracted footage from the AU Headquarters' security cameras.^[94]

In 2007, the People's Republic of China dispatched two armed teams to break into thePelindaba nuclear research centre to steal technology for apebble bed modular reactor, according to South Africa'sState Security Agency. A guard at the reactor was shot in the chest during the break-in.^[95]

Since at least April 2017, TEMP.Periscope, anadvanced persistent threat based in China, has been hacking Cambodian organizations related to the2018 general election.^[96] Targets included the National Election Commission, theMinistry of Interior, theMinistry of Foreign Affairs and International Cooperation, theSenate of Cambodia, and theMinistry of Economy and Finance.^[96] The APT engaged inspear phishing againstMonovithya Kem of theCambodia National Rescue Party, sending messages which impersonated theCambodian League for the Promotion and Defense of Human Rights.^[96]

According toPan-democracy political groups,^[97] China has been sending spies intoHong Kong harassing dissents andFalun Gong practitioners. In 2012, according toOriental Daily News, a Chinese security ministry official has been arrested in Hong Kong for suspicion of acting as a double agent for the United States.^[98]

In October and December 2015, five book sellers ofCauseway Bay Books disappeared as part of theCauseway Bay Books disappearances. The five men:Gui Minhai, Lee Bo, Lui Bo, Cheung Jiping andLam Wing-kee were allegedly kidnapped byChinese public security bureau officials from mainland China extrajudicially in breach of Hong Kong judicial independence as a result of publishing and distributing books containing corruption and scandals related to the senior leadership of the Chinese Communist Party.^[99]

TheResearch and Analysis Wing (R&AW) believes that China is using dozens of study centers it has set up in Nepal near the Indian border in part to spy on India.^[100][101]

In August 2011 a Chineseresearch vessel disguised as afishing trawler was detected off the coast ofLittle Andaman, collecting data in ageostrategically sensitive region.^[102][103]

The "Luckycat" hacking campaign that targeted Japan andTibet also targeted India.^[104][105] ATrojan horse was inserted into aMicrosoft Word file ostensibly about India'sballistic missile defense program, allowing for thecommand and control servers to connect and extract information. The attacks were subsequently traced back to a Chinese graduate student fromSichuan and the Chinese government is suspected of planning the attacks.^[106]

Chinese hackers linked to the Third Technical Department of the People's Liberation Army have launched extensive and sustained hacking campaigns against theCentral Tibetan Administration, based inDharamshala.^[107]

In 2018, PLA Navy deployed aType 815G ELINT ship in waters offAndaman and Nicobar islands for two weeks, according to a report by Indian intelligence agencies.^[108]

In March 2019, Indian intelligence agencies told news services that China was trying to spy onIndian Navy bases located insouthern India andIntegrated Test Range missile testing facility located atAbdul Kalam Island. It was doing this by establishing Chinese business around these areas.^[109]

TheCentral Board of Direct Taxes in August 2020 caughtLuo Sang, a Chinese person for operating amoney laundering scheme. He reportedly employed people to gather information on theDalai Lama's movements while simultaneously keeping an eye on pro-Tibetan individuals inDelhi and thenortheastern states.^[110] In September 2020,Delhi Police arrested a journalist and accomplices under theOfficial Secrets Act for allegedly passing sensitive information to Chinese intelligence officers.^[111][112]

On 3 March 2021, the Chinese hackers attacked theCovaxin andCovishield units In India.^[113] It is also being claimed that the hackers tried to create a national blackout in the country by breaching the electricity units.^[114]

On 21 October 2022,The Tribune, an Indian English newspaper, reported that Delhi Police apprehended a Chinese female citizen hailing from Hainan province in China, and she was accused of assuming a false identity as a monk and allegedly engaging in "anti-national activities."^[115]

In February 2023, Indian police detained a Chinese national accused of spying against India under theIndian Penal Code (IPC) section 121 (waging war against the government of India) and other IPC sections, after the Chinese national visited “key installations” in Delhi, India.^[116]

On 10 May 2024, a Chinese national, was arrested byUttar Pradesh Police andSashastra Seema Bal forespionage activities along theIndia-Nepal border. Photographs ofIndian Army installations and his trips toPakistan were found on his phone.^[117]

Since China's state security laws demand enterprises to collaborate with intelligence work, India implemented software and hardware testing regulations forclosed-circuit television camera manufacturers starting in April 2025.^[118]

In January 2021, Indonesian fishermen reported findings of underwater drones or gliders. This finding is thought to be related to a glider belonging to China that was previously found by fishermen around the waters ofSelayar Island,South Sulawesi. Foreign media have highlighted these findings. Most of them call this incident a secret Chinese mission in Indonesian waters.The Guardian, in its Espionage rubric, details previously that a Chinese-made glider was also found by fishermen inTanjung Pinang,Riau Islands in March 2019. Furthermore, the finding also occurred inMasalembo,East Java in January 2020.^[119]

In September 2021, Chinese hackers have breached the internal networks of at least ten Indonesian government ministries and agencies, including computers from Indonesia's primary intelligence service,Indonesian State Intelligence Agency (BIN). The intrusion, discovered by Insikt Group, the threat research division of Recorded Future, has been linked to Mustang Panda, a Chinese threat actor known for its cyber-espionage campaigns targeting the Southeast Asian region. But a spokesman of the Indonesia intelligence agency denies China hackers hacked into their computers.^[120][121]

In July 2022, theIndonesian Navy arrested six people, including three foreigners, two from Malaysia and one from China, on suspicion of being involved in espionage activities in North Sebatik,North Kalimantan after they were found in possession of sensitive naval base photos at the shared island, according to Indonesian media reports.^[122][123]

According to a report byTrend Micro, the "Luckycat" hacker group is engaged in cyber-espionage on targets in Japan, India and Tibet. During the2011 Tōhoku earthquake and tsunami andnuclear meltdowns atFukushima, the hackers inserted aTrojan virus intoPDF attachments to emails being circulated containing information about radiation dosage measurements.^[104][124] Investigation into ownership of the command and controlservers by Trend Micro andThe New York Times linked the malware to Gu Kaiyuan, throughQQ numbers and the alias "scuhkr".^[106][125] Gu was a graduate student of the Information Security Institute ofSichuan University inChengdu and wrote his master's thesis oncomputer hacking.^[126]James A. Lewis of theCenter for Strategic and International Studies, believes the attacks were state-sponsored.^[106] Starting in 2019, Chinese state hacking group,MirrorFace, commencedcyberattacks against Japanese governmental institutions, according to the country'sNational Police Agency.^[127]

On 19 February 2019, Kazakh counterintelligence officers arrested Konstantin Syroyezhkin, a formerKGB agent, inAlmaty, on charges of passing classified documents to Chinese spies.^[128] China-linked hackers have also targeted entities in Kazakhstan.^[129]

In 2020 Chinese hackers were implicated in the hacking of a Malaysian government official. The attacks were attributed to APT40.^[130]

FireEye President Travis Reese has stated that the Chinese-sponsored Conference Crew, founded in 2016, has engaged in cyber-espionage against the Philippines, targeting diplomatic and national security information.^[131]

In 2020, Facebook took down a network that was part of a Chinese disinformation campaign against the Philippines. The campaign used false profiles to influence public opinion, particularly related to politics.^[132]

Following a murder inMakati City in which two ChinesePLA IDs were recovered,^[133] Philippines SenatorPanfilo Lacson claimed he had received information that between 2,000 and 3,000 ChinesePLAN (People's Liberation Army Navy) members were in the Philippines.^[134] Replying on Twitter, the Chinese Embassy in Manila said the Senator was "testing the intelligence of the Philippine people", to which Lacson responded saying his information is still worth looking into, while theArmed Forces of the Philippines said it is validating the information as a "matter of serious concern."^[135]

In November 2023, the Chinese embassy in the Philippines denied allegations made byRafael Alunan III of havingsleeper cells in the country after thePhilippine National Police andNational Bureau of Investigation arrested Chinese nationals forillegal possession of firearms.^[136]

In 2024, formerBamban mayorAlice Guo was removed from office over questions regarding her citizenship as well her involvement in thePhilippine Offshore Gaming Operator (POGO) in her town.^[137][138]She Zhijiang a self-confessed spy detained in Thailand named Guo as a fellow spy.^[139] Wang Fugui a cellmate of She also said that Guo's 2022 mayoral campaign was "arranged by Chinese state security".^[140] Guo's birth citizenship was eventually voided in October 2025.^[141]

Deng Yuanqing was arrested in January 2025 over allegations of mapping sensitive data involving military sites inLuzon.^[142]

Huang Jing (黄靖), an academic at theLee Kuan Yew School of Public Policy, was expelled from Singapore in 2017, reportedly for working as anagent of influence for Chinese intelligence services.^[143][144]

SingHealth medical data was hacked by suspected Chinese hackers around July 2018.^[145]

FireEye claims that two hacker operations tied to the Chinese military, dubbed Tonto Team and Stone Panda/APT10, have attempted to hack the South KoreanMinistry of Foreign Affairs and other targets related to the deployment ofTHAAD.^[146][147]

China is reportedly engaged in economic espionage against South Korean technology companies, includingSamsung Electronics andSK Hynix.^[148]

In 2010,Jayalalithaa Jayaram – head of theAll India Anna Dravida Munnetra Kazhagam – stated that Chinese workers, working in parts of the country devastated by theSri Lankan Civil War were infiltrated with Chinese spies on surveillance missions targeted at India.^[149]

In May 2019, Sri Lankan authorities caught the former chief ofMilitary intelligence for allegedly acting as a Chinese mole and trying to obstruct a probe by Indian and American agencies into theEaster bombings.^[150]

Taiwan and China regularly accuse each other of spying.^[151][152]

Presidential aide Wang Jen-ping was found in 2009 to have sold nearly 100 confidential documents to China since 2007; Military intelligence officer Lo Chi-cheng was found to have been acting as a double agent in 2010 for China since 2007; Maj. Gen.Lo Hsien-che, electronic communications and information bureau chief during the administration of former President Chen Shui-bian, has been suspected of selling military secrets to mainland China since 2004.^[153]

In 2007 theMinistry of Justice Investigation Bureau stated that 500 gigabyte Maxtor Basics Personal Storage 3200hard drives produced bySeagate Technology and manufactured in Thailand may have been modified by a Chinesesubcontractor and shipped with the Virus.Win32.AutoRun.ah virus.^[154][155] As many as 1,800 drives sold in the Netherlands and Taiwan after August 2007 were reportedly infected with the virus, which scanned forpasswords for products such asWorld of Warcraft and QQ and uploading them to a website in Beijing.^[156]

Zhou Hongxu (周泓旭), a graduate ofNational Chengchi University'sMBA program, has been accused of attempting to recruit an official from theMinistry of Foreign Affairs to provide intelligence to China.^[157][158] Zhou was reportedly instructed by China'sTaiwan Affairs Office to enroll in the university to make friends and develop a spy ring.^[158] Zhou reportedly solicited classified documents, offering trips toJapan andUnited States dollars in payment.^[158][159]

In October 2020 it was revealed that Chinese hackers had compromised the largestjob bank in Taiwan, hacking the information of over five million people.^[160]

On 11 December 2020, the Ministry of Justice Investigation Bureau (MJIB) caught three Taiwanese who worked for Chinese intelligence. They were spreading propaganda about how Taiwan and the US were trying to overthrow the Thai monarchy, supporting the democracy protesters. The case is important because it is Taiwan's first Internet-related national security case, which the bureau investigated. Secondly, it is the first time Taiwan has documented that China has successfully recruited Taiwanese to work as paid online agents of its cyber army.^[161][162] This disinformation operation also tried to falsely portray theMilk Tea Alliance as acolor revolution style American government plot.^[163]

Chinese spy balloons have overflown Taiwan.^[164]

In August 2022, duringSpeaker of the HouseNancy Pelosi's visit to Taiwan, a TV screen at a Taiwan Railway Ministration (TRA) station displayed a message referring to Pelosi as an "old witch" in simplified Chinese characters (official characters in mainland China), while TV screens at multiple 7-Elevens began referring to her as a "warmonger."^[165][166] China was suspected of hacking the TRA signs and Taiwan 7-Eleven to mock Pelosi.^[165]

In March 2023, Taiwan prosecutors charged two former officials with violating the national security law by organizing meetings between former senior military officers and Chinese intelligence personnel.^[167] Retired rear admiral Hsia Fu-hsiang and former lawmaker Lo Chih-ming began their espionage after being recruited by the Chinese military andUnited Front Work Department.^[168] Each faces up to five years in jail if convicted.^[167]

In August 2023, Taiwan'sMinistry of National Defense detained a lieutenant colonel, Hsieh, for leaking military secrets to China. Hsieh and several others were suspected of having been recruited by China to provide China with national defense secrets and other information.^[169] Hsieh is also suspected of developing a spy organization of current and retired military personnel to collect intelligence for China.^[169]

In May 2017, Major Wang Hung-ju, a retiredmilitary police officer assigned to theNational Security Bureau, was indicted on charges of spying for the People's Republic of China.^[170]

Army Major General Hsieh Chia-kang, deputy commander of Matsu Defense Command, has been accused of providing intelligence to China, having been recruited by retired army colonel Hsin Peng-sheng.^[171]

In January 2018, it was reported that the Taipei District Prosecutor's Office is investigating if classified information regarding theAirborne Special Service Company was passed on to Zhou Hongxu (周泓旭), who was already convicted for violating the National Security Act.^[172] In March 2018, a retired colonel was charged with breaching the National Security Act by the Kaohsiung District Prosecutors' Office, which alleged that the colonel shared classified personal information and planned to develop aspy ring in Taiwan.^[173] In April 2018, Hung Chin-hsi (洪金錫), aMacau-born businessman, was accused of developing a spy ring in theMinistry of Justice, on behalf of China.^[174] Captain Zhen Xiaojiang (鎮小江) was convicted in 2015 of recruiting Taiwanese military officers as part of a spy ring on behalf of China, including Army Major-General Hsu Nai-chuan (許乃權). Zhen sent intelligence regarding Taiwan's radar installations andDassault Mirage 2000fighters to China. He was deported to Hong Kong in July 2018.^[175]

In 2022, Taipei District Prosecutors Office charged retired major general Chien and retired lieutenant colonel Wei for developing a spy network for China. They were accused of working for a Hong Konger named Tse, who would visit Taiwan to recruit retired officers and reach out to those on active duty. Chien and Wei tried unsuccessfully to recruitChang Che-ping, who was a deputy minister at the ROC Ministry of National Defense before serving as a strategic adviser to PresidentTsai Ing-wen. Chang was probed as a defendant last year but later renamed as a witness.^[176]

From January 2022 to June 2024, the Taiwanese government reported over 1,700 instances of Chinese intelligence trying to recruit Taiwanese military personnel.^[177]

The Wall Street Journal reported that Taiwan has been "ground zero" for economic espionage related to itsintegrated circuit fabrication industry.^[178] In a review of ten prosecutions for technology-related intellectual property infringement in Taiwan,WSJ found that nine of those cases involved technology transfer to China.^[178] An employee of Nanya Technology Corp. allegedly stole designs fordynamic random-access memory (DRAM) on behalf ofTsinghua Holdings.^[178] Hsu Chih-Peng, an engineer forTaiwan Semiconductor Manufacturing Co., allegedly stole microchip designs after being solicited by the Chinese government-owned Shanghai Huali Microelectronics Corporation.^[178]

According to Taiwanese prosecutors, engineer Wang Yongming (on behalf of Fujian Jinhua Integrated Circuit) engaged in espionage to stealMicron Technology microchip designs via the Taiwanese company UMC.^[179] Micron alleges that UMC hired Micron's engineers, asking them to steal files on advanced memory chips.^[178][179] The files Wang allegedly stole were said to be production secrets, including testing procedures related to metallization, and the DR25nmS design protocol.^[178]

According to the security research firm FireEye, Chinese hackers are suspected of targeting Vietnamese government and corporate targets.^[180] The hacking group, designated Conimes,phished the targets and delivered malware via a pre-2012 version of Microsoft Word.^[180][181]

According to the cyber-security firm Area 1, hackers working for thePeople's Liberation Army Strategic Support Force compromised theCOREU network used for communication by theEuropean Union (EU), allowing it to access thousands of low-classified documents anddiplomatic cables.^[182]

According to a 2019 report released by theEuropean External Action Service, an estimated 250 MSS spies were operating in Brussels.^[183]

In a July 2021 joint statement withNATO, the individualcore Anglosphere/Five Eyes nations, and Japan, the EU accused the Ministry of State Security, along with MSS-contracted criminal hackers, of perpetrating several cyberattacks, most notably the2021 Microsoft Exchange Server data breach. While some attacks were for-profitransomware incidents by contracted hacker gangs, EU foreign policy commissionerJosep Borrell said the hacking was "for the purpose ofintellectual property theft andespionage."^{[184][185][186][187]}

In 2008,Belgian Justice MinisterJo Vandeurzen accused the Chinese government of electronic espionage against thegovernment of Belgium, whileForeign MinisterKarel De Gucht informed theBelgian Federal Parliament that Chinese agents hacked his ministry. The espionage is possibly linked to Belgium hosting the headquarters of NATO and the European Union.^[188]

TheKatholieke Universiteit Leuven inLeuven was also believed to be the center for a group of Chinese students in Europe conducting industrial espionage, operating under a front organization called the Chinese Students' and Scholars' Association of Leuven.^[189][190] In 2005 a leading figure of the Association defected to Belgium, providing information to theBelgian State Security Service on hundreds of spies engaged in economic espionage across Europe.^[191][192] The group had no obvious links to Chinese diplomats and was focused on gettingmoles into laboratories and universities in the Netherlands, Britain, Germany, France and Belgium.^[193] ThePeople's Daily, an organ of theCentral Committee of the Chinese Communist Party, dismissed the reports as fabrications triggered by fears of China's economic development.^[194]

In February 2019, a report was released by European External Action Service which estimated that there were 250 Chinese MSS spies operating inBrussels, the capital of the European Union.^[195]

On 15 December 2023, a joint investigation byFinancial Times,Der Spiegel andLe Monde revealed that formerVlaams Belang senatorFrank Creyelman accepted bribes from Ministry of State Security for three years to influence discussions within the European Union.^[196] Subsequently, Vlaams Belang expelled him from the party.^[197] His brother,Steven Creyelman, also MP for the VB, is also linked to this case.^[198]

In June 2023,Bloomberg News reported that Huawei engaged in espionage against theDanish telecom group (TDC) based in Copenhagen,Denmark. This espionage aimed to gain an advantage in their bid against the Swedish telecommunications companyEricsson for a lucrative 5G network contract valued atCHF 175 million ($198 million) to upgrade Denmark's cellular network.^[199]

In March 2021, Estonian scientistTarmo Kõuts was convicted of spying for China. According to theEstonian Internal Security Service, Kõuts was recruited in 2018 by China's Intelligence Bureau of theJoint Staff Department of the Central Military Commission, and was arrested on 9 September 2020. Kõuts was paid approximately €17,000 by his handlers. Kõuts worked for the Maritime Institute ofTallinn Technical University, and was also a member of the Scientific Committee of theEstonian Ministry of Defence and theNATO Undersea Research Centre.^[200]

According to the security research firm F5, Chinese hackers launched widespread attacks against FinnishInternet of things computers before the2018 Russia–United States Summit inHelsinki.^[201][202]

In March 2021, the Finnish government implicated the China-linked hacking groupAPT31 in a hack of theFinnish Parliament.^[203][204] In July that same year, as part of a jointEU/NATO/US/UK statement on Chinese-backed hacking campaigns (see 2021 Microsoft Exchange Server data breach), the BritishNational Cyber Security Centre joined in accusing China-linked hacking groups of being behind theFinnish Parliament hack.^[185]

There have been several incidents of suspected Chinese spies in France. This includesShi Pei Pu, a Chineseopera singer from Beijing who convinced a French diplomat that he was a woman and spied on France.^[205]

French media also portrayed Li Li Whuang (李李), a 22-year-old Chinese intern at car parts makerValeo, as an industrial spy.^[206] Both the French prosecution and Valeo refuted media claims of spying and the case was later considered to be a psychosis.^[207][208] Li Li was ultimately convicted of violating the confidentiality clause of her contract and served two months in prison, but was allowed to continue her doctoral studies at theUniversity of Technology of Compiègne.^[209]

Two French intelligence operatives, identified only as Henri M and Pierre-Marie H, were accused of communicating classified information to China.^[210] Henri M was reportedly the Beijing station chief for theDirectorate-General for External Security.^[210][211]

According to reporting byLe Figaro, theGeneral Directorate for Internal Security and Directorate-General for External Security believe that Chinese spies have usedLinkedIn to target thousands of business and government officials as potential sources of information.^[212]

In 2011, a Chinese cyberattack against Airbus Astrium (nowArianeGroup) occurred, targeting technical specifications and test results ofM51 SLBM.^[213]

In December 2018, experts from the DGSI andANSSI discovered a "sophisticated"supply chain attack targetingAirbus.^[213] The pattern of the attack has been described as typical ofAPT10 although unusually sophisticated.^[214] It is suspected that the attack was motivated byeconomic warfare to benefit the development of the domestic ChineseC919 airliner.^[213]

In 2019, the admiral Morio de l'Isle warned theNational Assembly about a high number of marriages between Chinese women and French servicemen inBrest, which host the general staff of theStrategic Oceanic Force, responsible for the sea-based French nuclear deterrence, and located next toÎle Longue, the home base of FrenchSSBN. He also notified of an "increasingly strong" Chinese presence aroundVLF military transmission center across France citing the example of the creation of "sino-european hub" funded by the investment company of Beijing Municipality in a remote town near theHWU transmitter. This choice was described by a local deputy as "troubling".^[215][216]

In December 2020, Huawei announced it will open its first large factory outside China in France next to the border with Germany.^[217] National and local newspapers have quickly expressed national security concerns about the location of the factory, situated betweenDRM headquarters, multipleelectronic warfare, intelligence and transmission regiments, as well as aboutthe company itself.^{[218][219][220][221]} The US Consul of Strasbourg met with the local mayor.^[222]

In July 2021, the ANSSI issued a security alert about a "large intrusion campaign impacting numerous French entities" described as "especially virulent" using the mode of operation of APT31.^[223][224] Two weeks later,Minister of the Armed ForcesFlorence Parly at theInternational Cybersecurity Forum suggested the emergence of "a new cold war in cyberspace [...] without the corresponding restraint. [...] There is nored phone in the cyber" and warned "we could be confronted to quickly and uncontrollably escalating situations with unseen crisis and unpredictable domino effects".^[225]

In March 2023, Taiwan'sOverseas Community Affairs Council (OCAC) announced that a Chinese overseas police station in France engaged in cyberattacks against an OCAC language school in France.^[226]

A former employee of Beijing's Academy of Science and Technology and the president of Stahd Europe—a subsidiary of the Chinese telecommunications company Emposat—was reportedly involved in activities that raised national security concerns in France. French intelligence agents from the Defence Intelligence and Security Directorate (DRSD) identified a suspicious satellite dish installed on a balcony near agricultural silos. Unlike standard television dishes, the equipment was outfitted with specialized components directed at theCNES (Centre National d'Études Spatiales) ground stations inIssus-Aussaguel. These ground stations manage observation satellites developed by Airbus and Thales. The interception of signals from these satellites was considered a serious national security threat, prompting an investigation into possible espionage.^[227]

According to reporting inSüddeutsche Zeitung, China has been soliciting information from members of theBundestag, including offering €30,000 for insider information from one parliamentarian.^[228]

Between August and September 2007 Chinese hackers were suspected of usingTrojan horsespyware on various government computers, including those of theChancellory, theMinistry of Economics and Technology, and theMinistry of Education and Research.^[229] Germans officials believe Trojan viruses were inserted in Microsoft Word andPowerPoint files, and approximately 160gigabytes of data were siphoned toGuangzhou,Lanzhou and Beijing via South Korea, on instructions from the People's Liberation Army.^[230]

TheFederal Ministry of the Interior estimates that Chinese economic espionage could be costing Germany between 20 and 50 billion euros annually.^[231] Spies are reportedly targeting mid- and small-scale companies that do not have as strong security regimens as larger corporations.^[232] Berthold Stoppelkamp, head of the Working Group for Economic Security (ASW), stated that German companies had a poor security culture making espionage easier, exacerbated by the absence of a "strong, centralized" police command.^[233] Walter Opfermann, acounter-intelligence expert for the state ofBaden-Württemberg, claimed that China is using extremely sophisticated electronic attacks capable of endangering portions of critical German infrastructure, having gathered sensitive information through techniques such asphone hacking and Trojan emails.^[234] In November 2018, German prosecutors inCologne charged a former employee ofLanxess for engaging in industrial espionage on behalf of a Chinese copycat company.^[235]

Germany suspects China of spying both on German corporations and onUyghur expatriates living in the country.^[236][237] In 2011, a 64-year-old German man was charged with spying on Uyghurs inMunich between April 2008 and October 2009.^[238][239] Munich is a center for expatriate Uyghurs, and in November 2009 members of theFederal Criminal Police Office arrested four Chinese nationals on charges of spying on Uyghurs. In 2007 Chinese diplomat Ji Wumin left Germany after being observed meeting with individuals engaged in surveillance of Munich Uyghurs, and German investigators suspect China is coordinating espionage activities out of itsMunich consulate in theNeuhausen district.^[240]

In 2012,EADS (Airbus) and steel makerThyssenKrupp were attacked by Chinese hackers. ThyssenKrupp described the attack as "massive" and "especially qualitative".^[241]

In 2016, ThyssenKrupp underwent an "organized, highly professional hacking attack" conducted "with state backing and the best attack techniques" whose aim was "to steal technological know-how and research".^[242] The group stated to have successfully repealed the attack after a "6 months long defensive battle". Some information was obtained by the hackers but critical divisions concerning blast furnace, power stations andsubmarines have reportedly not been affected.^[243] The timing of the attacks suggest that attackers are based in China or southeast Asia.^[242]

In 2017, theFederal Office for the Protection of the Constitution (BfV) published information alleging that Chinese intelligence services had created fakesocial media profiles on sites such as LinkedIn, using them to gather information on German politicians and government officials.^[244][245] TheVerfassungsschutz had previously warned that Chinese intelligence officers are making use ofsocial networking sites such as LinkedIn andXING to recruit informants.^[246] Lu Kang of the Ministry of Foreign Affairs denied the allegations.^[247]

In 2019, an investigation led by theBayerischer Rundfunk uncovered that a hacker group calledWinnti had attacked twelve major companies including six GermanDAX-traded companies:Bayer AG,BASF,Siemens,Henkel,Covestro.^[248] The Kapersky Lab first uncovered Winnti in 2011 after it infected the German company Gameforge and has been highly active ever since. An IT security expert with whom they have worked said that "any DAX corporation that hasn't been attacked by Winnti must have done something wrong".^[248] This group has also been attributed the responsibility of the 2016 ThyssenKrupp hacking attack.^[249]

We can, based on many, many indicators, say with high confidence that Winnti is being directed by the Chinese [government].

In October 2024, Germany arrests Chinese woman Yaqi X for passing defense info to China via EU lawmakerMaximilian Krah’s Chinese aide Jian Guo.^[250]

In January 2025, German prosecutors indicted three individuals suspected of spying for China by gathering information on military technology for China's Ministry of State Security. The German Federal Criminal Police Office (BKA) arrested Herwig F., Ina F. and Thomas R., inDüsseldorf andBad Homburg in April 2024.^[251]

In April 2025, a Chinese man, Jian Guo, who worked for a prominent German far-right lawmakerMaximilian Krah in the European Parliament has been charged with spying for China for more than four years.^[252]

Lithuanian intelligence agencies have claimed that China is engaged in an "increasingly aggressive" campaign of espionage, which includes "attempts to recruit Lithuanian citizens". Darius Jauniskis, Director of theState Security Department of Lithuania, has cautioned against a potential threat posed by Huawei telecommunications equipment.^[253]

Hackers working as part of APT 10, on behalf of the Chinese government, hacked Norwegianbusiness software providerVisma, reportedly to gain access to the information on the company's customers.^[254] Beginning on 30 August 2018, APT10 used a malware program dubbed Trochilus and accessed abackdoor, and then proceeded to useWinRAR andcURL to exfiltrate data from Visma to aDropbox account.^[255]

On 19 April 2009, Stefan Zielonka, anon-commissioned officer serving as a cipher operator for theMilitary Information Services and later theMilitary Intelligence Service [pl], mysteriously disappeared. Following his disappearance, some speculated that Zielonka may have worked for Russian intelligence or defected to China, where his expertise incryptography and knowledge ofNATO communication systems could have provided valuable information.^[256][257] Conversely, others suggested that Zielonka struggled with depression and personal issues, though this was disputed by some. On 27 April 2010, Zielonka's body was found in an advanced state of decomposition on the banks of theVistula River, with a rope hanging from a nearby tree and documents bearing his name. Some speculated that hisdeath may have been staged. Eventually,DNA testing of four bone fragments confirmed the body was his, and investigators ruled out third-party involvement.^[258] However, the case and its investigation remained shrouded in numerous unresolved and puzzling circumstances.^[259]

In April 2018, a former member of theParliament of Poland forSamoobrona, Mateusz Piskorski, was charged with espionage on behalf of Russia and China.^[260][261]

In January 2019, the Huawei sales director for Poland, identified as Weijing Wang (a.k.a. "Stanislaw Wang") was arrested, along with a former senior agent of theAgencja Bezpieczeństwa Wewnętrznego (ISA) named Piotr Durbajlo, on suspicion of espionage.^[262][263] Wang was educated at theBeijing Foreign Studies University and studiedPolish inŁódź, and subsequently worked as acultural attaché at the Chinese consulate inGdańsk.^[264][265] Wang joined Huawei's Enterprise Business Group in 2017. Durbajlo worked at theMilitary University of Technology, working on telecommunications security projects.^[265] After retiring from the ISA, he began working as a consultant forOrange Polska.^[265]

In December 2007, Igor Reshetin, the Chief Executive of Tsniimash-Export, and three researchers were sentenced to prison for passing on dual-purpose technology to the Chinese. Analysts speculated that the leaked technology could help China develop improvedmissiles and accelerate theChinese space program.^[266] In September 2010, the RussianFederal Security Service detained two scientists working at theBaltic State Technical University inSaint Petersburg. The two are charged with passing on classified information to China, possibly through theHarbin Engineering University.^[267][268] Russia has been a significant target for China linked hackers.^[129]

In February 2020, theFSB detained Dr. Valery Mitko, President of Russia's Arctic Academy of Sciences, on charges of providing classified information related to underwater detection of submarines to Chinese intelligence operatives.^[269]

In June 2025,The New York Times reported that a leaked internal FSB memo raised concerns aboutChina with respect toindustrial espionage of sensitive Russian technologies.^[270] Information on Russia's weaponry has increasingly been targeted byadvanced persistent threats emanating from China.^[271]

China has engaged in espionage campaigns in order to monitorUyghurs in Turkey that have involved coercion and sophisticated cyber-espionage measures.^{[272][273][274][275]} In February 2024, Turkey arrested six individuals suspected of spying on Uyghurs in the country on behalf of China's intelligence service.^[276] In May 2025, theTurkish National Intelligence Organization (MIT) reportedly dismantled a Chinese cyber-espionage cell inIstanbul, accused of using ghost base stations to collect communication data and user information and conduct surveillance of Turkish public officials and Uyghur Turks.^[277]

According to reports inNeue Zürcher Zeitung, Chinese intelligence services have attempted to recruit Swiss university staff and researchers using LinkedIn.^[278][279]

Babur Maihesuti, a Uyghur who became a Swedish citizen was arrested for spying on the Uyghur refugee communities in Sweden, Norway, Germany and the United States, and ultimately sentenced for illegal espionage activity.^{[280][281][282]} In April 2018, Sweden charged Dorjee Gyantsan, a 49-year-old Tibetan refugee, with spying on Tibetan dissidents and refugees in Sweden between July 2015 and February 2017.^[283] Gyantsan is accused of collecting information on Tibetan refugees in Sweden, and then passing that information on to Chinese officials inFinland andPoland.^[283] Gyantsan was arrested upon returning fromWarsaw, carrying $6,000 in cash.^[284][285]

According to an investigation byRecorded Future, Chinese hackers broke into the computer networks of the Vatican and the Holy See's Study Mission to China, including by placing malware in what appeared to be a letter fromCardinal Secretary of StatePietro Parolin.^[291] In the weeks after the investigation was published the hackers continued to operate on Vatican networks,^[292] by November 2020 the group targeting the Vatican had changed their tactics to avoid detection but were discovered by researchers from the firm Proofpoint.^[293]

Newspapers have estimated that China may have up to 1,000 spies in Canada.^[294][295] The head of theCanadian Security Intelligence ServiceRichard Fadden in a television interview was assumed to have implied that variousCanadian politicians at provincial and municipal levels had ties to Chinese intelligence. In an interview, he claimed that some politicians were under the influence of a foreign government, but he withdrew the statement a few days later. It was assumed by Chinese groups in Canada, and others, that he was referring to China because in the same interview he stressed the high level of Chinese spying in Canada, however Fadden did not say specifically which country these politicians were under the influence of. His statement was withdrawn a few days later.^[296]

In 2005, Canadian businessman Joe Wang stated his belief that threatening letters he received after broadcasting programs about alleged human rights abuses in China were from the Chinese consulate; one of the envelopes containedboric acid.^[297]

In 2012Mark Bourrie, anOttawa-based freelance journalist, stated that theState Council-run Xinhua News Agency asked him to collect information on the Dalai Lama through their Ottawa bureau chief, Dacheng Zhang, by exploiting his journalistic access to theParliament of Canada.^[298] Bourrie stated that he was asked to write for Xinhua in 2009 and sought advice from the Canadian Security Intelligence Service (CSIS), but was ignored. Bourrie was asked to collect information on the Sixth World Parliamentarians' Convention on Tibet at theOttawa Convention Centre, although Xinhua had no intention of writing a story on the proceedings. Bourrie stated that at that point "We were there under false pretenses, pretending to be journalists but acting as government agents."^[299] Xinhua collects extensive information onTibetan andFalun Gong dissidents in Canada, and is accused of being engaged in espionage by Chinese defectorChen Yonglin andReporters Without Borders.^{[citation needed]}

On 1 December 2013,Lloyd's Register employee Qing Quentin Huang was arrested and charged with violating theSecurity of Information Act, for allegedly communicating classified information on the federal shipbuilding strategy to China.^[300][301] Huang reportedly contacted theChinese Embassy in Ottawa in an attempt to pass on secrets, which was detected by the Canadian Security Intelligence Service, who in turn alerted theRoyal Canadian Mounted Police.^[301]

Between 2006 and 2010 Yang Wang, a Chinese immigrant to Canada, admitted to providing intelligence to the Ministry of State Security, including on the activities ofFalun Gong.^[302]

Around June 2014, theNational Research Council was reportedly penetrated by Chinese state-sponsored hackers.^[303]

In 2022, Yuesheng Wang, a researcher atHydro-Québec, was arrested and charged with violating theSecurity of Information Act, for allegedly obtainingtrade secrets and filing patents in connection with Chinese universities and publishing papers without the permission of Hydro-Québec. He is also charged with fraud for obtaining trade secrets, unauthorized use of a computer and breach of trust by a public officer. His crimes were allegedly committed between February 2018 and October 2022.^[304]

China has builtlistening stations inBejucal and elsewhere on the island that can be used monitor U.S. communications.^{[305][306][307][308]}

I think it's more than likely we're going to end up, if we end up in a war – a real shooting war with a major power – it's going to be as a consequence of a cyber breach of great consequence and it's increasing exponentially, the capabilities.
— President Biden, at theOffice of the Director of National Intelligence on 27 July 2021, in front of the U.S. intelligence community^[309]

China is suspected of having a long history of espionage in the United States against military and industrial secrets, often resorting to the exploitation of commercial entities and a network of scientific, academic, and business contacts. Several U.S. citizens have been convicted for spying for China. Naturalized citizen Dongfan Chung, an engineer working withBoeing, was the first person convicted under theEconomic Espionage Act of 1996. Chung is suspected of having passed on classified information on designs including theDelta IV rocket,F-15 Eagle,B-52 Stratofortress and theCH-46 andCH-47 helicopters.^[310]

TheU.S. Department of Justice investigation into the fund-raising activities had uncovered evidence that Chinese agents sought to direct contributions from foreign sources to theDemocratic National Committee (DNC) before the1996 presidential campaign. TheChinese embassy in Washington, D.C. was used to coordinate contributions to the DNC.^[311][312]

Taiwanese-American scientistWen Ho Lee (born inNantou, Taiwan 21 December 1939) was accused and investigated on the grounds of espionage in 1999 but was acquitted of all charges except for mishandling classified data.^[313]

In November 2005 the United States arrested four people in Los Angeles on suspicion of being involved in a Chinese spy ring.^[314]

In 2008 the Chinese government was accused of secretly copying information from the laptop of Commerce SecretaryCarlos Gutierrez during a trade mission to Beijing to gain information on American corporations.^[315][316] The allegations were subsequently dismissed by Qin Gang, a spokesman for theMinistry of Foreign Affairs of the People's Republic of China.^[317]

In 2009 China was suspected of stealing terabytes of design data for theF-35 Joint Strike Fighter from defense contractor Lockheed Martin's computers. In 2012, a Chinese version, theJ-31, appeared to rival the F-35.^[318]

China's espionage and cyberattacks against the US government and business organizations are a major concern, according to the seventh annual report (issued September 2009) to theUS Congress of theUnited States–China Economic and Security Review Commission.^[319] "Although attribution is a problem in cyber attacks, the scale and coordination of the attacks strongly indicates Chinese state involvement", said commission vice chairmanLarry Wortzel. "In addition to harming U.S. interests, Chinese human and cyber espionage activities provide China with a method for leaping forward in economic, technological, and military development." The report cited that the number of cyberattacks from China against theUS Department of Defense computer systems had grown from 43,880 in 2007 to 54,640 in 2008, a nearly 20 percent increase.^[320][321] Reuters reported that the Commission found that the Chinese government has placed many of its computer network responsibilities under the direction of the People's Liberation Army, and was using the data mostly for military purposes.^[322] In response, China slammed the report as "full of prejudice", and warning it could damage China-US relations. "We advise this so-called commission not to always view China through tinted glasses", Foreign Ministry spokesmanQin Gang said.^[323]

In June 2015, theUnited States Office of Personnel Management (OPM) announced that it had been the target of adata breach targeting the records of as many as four million people.^[324] Later, FBI DirectorJames Comey put the number at 18 million.^[325]The Washington Post has reported that the attack originated in China, citing unnamed government officials.^[326] James Comey said: "It is a very big deal from a national security perspective and from a counterintelligence perspective. It's a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government."^[327]

Voice of America reported in April 2020 that "U.S. intelligence agencies concluded the Chinese hackers meddled in both the 2016 and 2018 elections" and "Internet security researchers say there have already been signs that China-allied hackers have engaged in so-called 'spear-phishing' attacks on American political targets" ahead of the2020 United States elections.^[328]

In 2019, two Chinese nationals were indicted for theAnthem medical data breach.^[329] About 80 million company records were hacked, stoking fears that the copied data could be used foridentity theft.^[330] In February 2020, the United States government indicted members of China's PLA for hacking intoEquifax and plundering sensitive data as part of a massive heist that also included stealing trade secrets.^[331][332] Private records of more than 145 million Americans were compromised in the2017 Equifax data breach.^[333]

In July 2020, FBI DirectorChristopher A. Wray called China the "greatest long-term threat" to the United States. He said that "the FBI is now opening a new China-related counterintelligence case every 10 hours. Of the nearly 5,000 active counterintelligence cases currently under way across the country, almost half are related to China."^[333]

The greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality, is the counterintelligence and economic espionage threat from China. It’s a threat to our economic security—and by extension, to our national security...It’s the people of the United States who are the victims of what amounts to Chinese theft on a scale so massive that it represents one of the largest transfers of wealth in human history. We’ve now reached the point where the FBI is opening a new China-related counterintelligence case about every 10 hours. Of the nearly 5,000 active FBI counterintelligence cases currently underway across the country, almost half are related to China.
— Director of the FBIChristopher Wray, Remarks at the Hudson Institute (July 7, 2020)

In July 2020, the United States Department of Justice indicted two Chinese hackers with global computer intrusion campaign targeting intellectual property and confidential business information, includingCOVID-19 research. It alleged that the two hackers worked with the Guangdong State Security Department of the Ministry of State Security (China).^[334]

In a July 2021 joint statement with NATO, the EU, and otherWestern nations, the US accused the Ministry of State Security of perpetrating several cyberattacks, including the 2021 Microsoft Exchange Server data breach. However, it also noted that several attacks were for-profit ransomware attacks by non-government hackers contracted by the MSS for non-intelligence purposes. Additionally, the U.S. Justice Department charged four Chinese nationals accused of working for the MSS with a hacking campaign targeting government, academic, and private institutions; the individuals were each charged with one count ofconspiracy to commitcomputer fraud and conspiracy to commiteconomic espionage.^{[184][185][186][187]}

In November 2022, Yanjun Xu, the first Chinese government intelligence officer ever to be extradited to the United States to stand trial was sentenced to 20 years in prison for espionage crimes, attempting to steal trade secrets.^[335][336] According to the U.S. Justice Department, Xu targeted American aviation companies, recruited employees to travel to China, and solicited their proprietary information, all on behalf of China.^[337]

In March 2023, the Center for Strategic and International Studies (CSIS) based in Washington DC published an updated Survey of Chinese Espionage in the United States since 2000, which includes 224 documented cases of Chinese espionage targeted at the United States as of February 2023.^[338] The list of cases is based on publicly accessible sources and CSIS believes it is likely incomplete.^[338] According to CSIS, Chinese intelligence in the United States surpasses any other nation, including Russia.^[338] While the economic and technological espionage costs the United States billions of dollars since 2000, Chinese espionage has also resulted in immeasurable harm to national security, particularly through the theft of weapon technology, including data related to nuclear weapons testing.^[338][339] CSIS observed that in recent years, China has expanded its espionage efforts to include the theft of substantial amounts ofpersonal information (PII), political manipulation, and influence operations.^[338]

On 3 August 2023, the United States Department of Justice announced two indictments of two U.S. Navy servicemembers for transmitting military information to Chinese intelligence officers. Jinchao Wei, an active-duty Navy sailor on theamphibious assault ship, theU.S.S. Essex stationed at Naval Base San Diego, was indicted for conspiracy to send national defense information to a Chinese spy.^[340] Petty Officer Wenheng Zhao was charged with receiving bribes from a Chinese spy in exchange for classified U.S. military information.^[340] On 8 January 2024, Zhao was convicted of transmitting sensitive U.S. military information to a Chinese intelligence officer in exchange for bribery payments and sentenced to 27 months in prison and ordered to pay a $5,500 fine.^[341]

In January 2025, the United States Department of Justice announced the indictment and arrest of John Harold Rogers, a former senior advisor to theFederal Reserve Board of Governors, on charges that he conspired to steal Federal Reserve trade secrets for the Chinese government.^[342][343]

FormerDepartment of Defence SecretaryDennis Richardson has stated that China is engaged in extensive espionage against Australia, and included surveillance ofChinese Australian communities.^[344][345] Australia believes that the Chinese government have been spying on Australian businesses.^[346][347] A male Chinese student fromFujian was granted a protection visa by the Refugee Review Tribunal of Australia after revealing that he had been instructed to spy on Australian targets in exchange for an overseas scholarship, reporting to the Ministry of State Security.^[348]

Nicola Roxon, theAttorney-General of Australia, blocked theShenzhen-based corporation Huawei from seeking a supply contract for theNational Broadband Network, on the advice of theAustralian Security Intelligence Organisation (ASIO).^[349] The Australian government feared Huawei would provide backdoor access for Chinese cyber espionage.^[350][351]

The Chinese government is suspected of orchestrating an attack on the email network used by theParliament of Australia, allowing unauthorized access to thousands of emails and compromising the computers of several senior Australian politicians including Prime MinisterJulia Gillard, Foreign MinisterKevin Rudd, andMinister of DefenseStephen Smith.^[352][353]

Sheri Yan and a formerOffice of National Assessments (ONA) official,Roger Uren, were investigated by ASIO on suspicion of spying for China.^[354] Uren, former Assistant Secretary responsible for the Asia section of ONA, was found to have removed documents pertaining to Chinese intelligence operations in Australia, and kept them in his apartment.^[354] Yan was suspected of undertaking influence operations on behalf of the Chinese Communist Party, and introducing ColonelLiu Chaoying, amilitary intelligence officer, to Australian contacts.^{[354][355][356]}

Hackers either working for or on behalf of the government of China are suspected as being responsible for a cyber-espionage attack against an Australian defense company.^[357][358] Designated APTAlf by theAustralian Signals Directorate, the hackers stole approximately 30 gigabytes of data on projects including the F-35 Joint Strike Fighter, theP-8 Poseidon, theC-130 Hercules and theJoint Direct Attack Munition.^[357] APT Alf used a remote access tool dubbed "China Chopper".^[357]

In 2017, Chinese hackers infiltrated the computers ofAustralian National University, potentially compromising national security research conducted at the university.^[359][360] In 2015, Chinese hackers infiltrated theBureau of Meteorology.^[359]

In February 2019, theSydney Morning Herald reported that Chinese businessman and real-estate developerHuang Xiangmo had been denied permanent residency by theDepartment of Home Affairs reportedly due to character and national security concerns.^[361] Huang was the chairman of the Australian Council for the Promotion of the Peaceful Reunification of China (ACPPRC), theChina Council for the Promotion of Peaceful National Reunification (CCPPNR) and the Oceanic Alliance of the Promotion of Peaceful Reunification of China; all three either umbrella organizations of the United Front Work Department or having close ties with the UFWD itself.^[362] Prior to his forced departure, Huang had been active in Australian political circles, donating some $2.7 million to both theAustralian Labor andLiberal parties respectively as well as delivering $100,000 in cash to the New South Wales branch of the Australian Labor party in breach of electoral donation laws.^[363] In 2021, Huang was elected to Hong Kong's new electoral committee implemented under the2021 Hong Kong electoral changes imposed on Hong Kong by the National People's Congress in Beijing with the electoral message of "Support[ing] the implementation of ‘patriots administer[ing] Hong Kong".^[364]

In March 2019, theAustralian Broadcasting Corporation reported that the body of a member of the Australian Liberal Party Bo ("Nick") Zhao had been inside a hotel room inMelbourne. Zhao had been a member of the Liberal party in the electorate ofChisholm,Victoria since 2015. Reports emerged afterwards that Zhao had been approached by a businessman originating fromChina who offered a $1 million in exchange for Zhao's running of candidacy to the Federal Parliament.^[365] Zhao allegedly reported the encounter to the Australian Security and Intelligence Organisation resulting in his death months later.^[366] Member of theParliamentary Joint Intelligence Committee on Intelligence and Security (PJCIS)Andrew Hastie stated that Zhao was: "the perfect target for cultivation", remarking that he was "a guy who was a bit of a high-roller in Melbourne, living beyond his means, someone who was vulnerable to a foreign state intelligence service cultivating [him]."^[366]

In April 2023, it was reported that two individuals believed to be Chinese spies provided a Sydney-based businessman with cash-filled envelopes in exchange for intelligence on various topics, including an Australian government agreement involving the construction of Australiannuclear-powered submarines in collaboration with the United States and Britain.^[367]

In August 2025, theAustralian Federal Police (AFP) charged a Chinese national and Australian permanent resident with foreign interference, alleging that she had covertly gathered information about the Canberra branch of the Buddhist associationGuan Yin Citta Dharma Door, which is outlawed in China.^[368]

In November 2025, ASIO director-generalMike Burgess said hackers linked to the Chinese government and military had attempted to access Australia's critical infrastructure, including telecommunications networks. He identified the groupsSalt Typhoon andVolt Typhoon, which allegedly infiltrated U.S. systems for espionage and potential sabotage, and warned that similar probing had occurred in Australia. Burgess said Chinese officials had repeatedly complained to the Australian government and businesses about ASIO's public remarks on China, but he vowed to continue speaking out.^[369][370]

Jian Yang, a member of theNew Zealand House of Representatives and theNew Zealand National Party was investigated by theNew Zealand Security Intelligence Service (NZSIS) as a possibly spy due to his links to Chinese military and intelligence schools.^[371] Yang reportedly failed to declare that he had taught at theAir Force Engineering University or the Luoyang People's Liberation Army University of Foreign Languages, which are commonly used as training grounds for Chinese intelligence officers.^[372][373] Yang has denied the allegations that he is a spy.^[374][375]

In February 2020, theSerious Fraud Office of New Zealand charged three Chinese nationals: Zhang Yikun, Zheng (Colin) Shijia, Zheng Hengjia and a member of parliamentJami Lee Ross over allegations of providing misleading information in relation to donations to the National Party donations amounting up to $100,000.^[376] Zhang, a well known business man in theNew Zealand Chinese community is a native ofGuangdong province and allegedly served in the People's Liberation Army prior toimmigrating to New Zealand in 2000^[377] as well as the founder of Chao San General Association (CGSA) (Chinese:新西兰潮属总会;pinyin:Xīnxīlán cháo shǔ zǒng huì) registered with the Ministry of Ethnic Communities New Zealand.^[378]

The stated purpose of the association is to serve theTeochow community (an ethnic sub-group) from Guangdong in New Zealand, however Chinese dissident and local journalist Chen Wenjie has claimed the association is part of the CCP's United Front Work Department (UFWD) and donations by the association including those to the Christchurch Foundation in the sum of some $2.1 million to assist the victims of the2019 Mosque shootings are part of a coordinated strategy to: "purchase political influence" and engage in "strategic infiltration" of the political systems of host countries.^[379]

Local media outletStuff also reported that Zhang led a delegation of New Zealand business leaders and politicians to visit theOverseas Chinese Affairs Office (OCAO) of the State Council, the Chinese government agency responsible for liaison with overseas Chinese communities in 2017 and that in 2018 the association officially became part of the UFWD.^[377] On 25 February 2020, the Serious Fraud Office reported that Zhang along with three others had been charged with obtaining by deception under the Crimes Act and providing false or misleading information under the Serious Fraud Office Act, with each pleading not guilty in Auckland District Court.^[380]

On 23 July 2020 local media outletnewsroom reported that two Chinese dissidents: Yuezhong Wang and Weiguo Xi had been killed in a car crash on their way toWellington to parliament to deliver a petition theNew Zealand Government about Chinese Communist Party political interference in New Zealand.^[381] Xi was reportedly a former member of the PLA while in China who campaigned against government corruption and was detained by police as a result of his activism and the Chairman of the New Zealand Branch of The Federation for a Democratic China; with being a writer affiliated with theChinese Democracy Movement.^[382] While no comments were made by police in relation to the circumstances of death were suspicious, according to political researcherAnne-Marie Brady, significant speculation existed within the local Chinese diaspora community on whether Wang and Xi's death were the product of "sabotage".^[383]

On 15 September 2020, theStuff media company reported that the Chinese data intelligence companyZhenhua Data had collected open source data intelligence on 730 New Zealand politicians, diplomats, academics, business executives, sportspersons, judges, fraudsters and their families includingPrime MinisterJacinda Ardern, former Prime MinisterJohn Key's son Max, formerFinance MinisterRuth Richardson, and sportspersonBarbara Kendall. Ten percent of Zhenhua Data's database had been leaked to American academic Chris Balding, who then passed the material to Canberra-based cybersecurity firm Internet 2.0.^[384]

In August 2023, an NZSIS threat assessment which identified China, Iran, and Russia as the three foreign governments most responsible for foreign interference in New Zealand. According to the report, Chinese intelligence services were actively targeting ethnic Chinese communities in New Zealand including surveillance, monitoring, harassment, and threats of dissidents.^[385][386]

In June 2023, Cuba agreed to host a Chinese spying facility that could allow the Chinese to eavesdrop on electronic communications across the southeastern United States, an area populated with key military installations and extensive maritime traffic.^[387][388]

The computer security firmESET reported that tens of thousands ofblueprints were stolen from Peruvian corporations throughmalware, which were traced to Chinese e-mail accounts. This was done through anAutoCADworm called ACAD/Medre.A, written inAutoLISP, which located AutoCAD files, at which point they were sent to QQ and163.com email accounts in China.^[389] ESET researcher Righard Zwienenberg claimed this was Chinese industrial espionage.^[390] The virus was mostly localized to Peru but spread to a few neighboring countries before being contained.^[391]

• Allegations of intellectual property theft by China
• Chinese information operations and information warfare
• Cyberwarfare and China
• Foreign interventions by China
• Transnational repression by China
• One institution with two names