Cyberwarfare is the strategic use of computer technology to disrupt the functions of a state or organization, specifically through the deliberate targeting of information systems for military or tactical purposes. In thePeople's Republic of China, it is related to the aggregate ofcyberattacks attributed to state organs and various relatedadvanced persistent threat (APT) groups.

In 1992, thePeople's Liberation Army stated that the United States was developing computer virus weapons.^[10]: 187 According to the PLA journalForeign Military Arts, US computer virus weapons would have the potential to attack civilian targets and military targets.^[10]: 192 The PLA observed that cyberattacks could have strategic impacts.^[10]: 189

During the 1999NATO bombing of Yugoslavia, theUnited States bombed the Chinese embassy in Belgrade.^{[10]: 16–17} The US stated that the bombing was accidental.^[10]: 17 Chinese leadership believed that the US had intentionally bombed the embassy and viewed China as significantly lacking in leverage against the United States.^[10]: 17 Among other efforts to reduce its gap in leverage, China sought to begin developing cyberwarfare capabilities.^[10]: 17 In 2000,Jiang Zemin approved the development of cyber coercive capabilities.^[10]: 187

In a December 2000 speech to theCentral Military Commission (CMC), Jiang stated, "[I]nformation warfare is in the ascendant on the stage of warfare, with electronic network warfare and computer network warfare as the principle means."^{[10]: 191–192}

At the December 2002 CMC meeting, Jiang instructed the PLA to invest heavily in information warfare development and the PLA therefore established the All-Military InformatizationLeading Small Group to coordinate this development.^{[10]: 210–211}

When he became Chairman of the CMC in 2004,Hu Jintao instructed the PLA to engage in a "new historic mission" to defend China's interests in the electromagnetic (and space) domains.^[10]: 213

Chinese leadership perceived that China was at an increasing risk of cyber threats from abroad.^[10]: 211 This perception was shaped from 2000 to 2010 by the early 2000scolor revolutions, the Russiancyberattacks during the2008 Russo-Georgian war, and theUS-Israel Stuxnet cyberattack on Iran.^[10]: 211 The2010s surveillance disclosures byEdward Snowden about the extent of US global surveillance programs also highlighted to Chinese leadership the risks the country faced through its reliance on foreign hardware, software, and internet infrastructure.^[10]: 211

The PLA's first cyberblue team was established inGuangzhou Military Region in May 2011 to test regular PLA unit's cyber defenses.^[10]: 202

At the18th National Congress of the Chinese Communist Party, Hu Jintao stated China should "implement the military strategy of active defense for the new period, and enhance military strategic guidance as the times so require. We should attach great importance to maritime, space, and cybersecurity."^[10]: 279

As part of its response to theUnited States intelligence activities in China demonstrated through the Snowden disclosures, the CCP in 2014 formed theCybersecurity and Information Leading Group and theNational People's Congress passed the 2017Cyber Security Law.^{[11]: 129, 250} Under thegeneral secretaryship of Xi Jinping, the Chinese government has sponsored regular hacking competitions to identify top talent for state recruitment and, since 2018, has legally required allvulnerabilities discovered to be reported solely to theMinistry of Industry and Information Technology.^[12][13] In 2018, Chinese nationals stopped participating in international hacking competitions.^[12][14]

During the NewGutian Conference, Xi Jinping stated that cyber conflict was one of the main areas of military competition for the PLA and described the PLA as needing to overcome its "ostrich" attitude and rigid ways of thinking in this area.^[10]: 232 According to Xi's remarks, "Currently some work is not at all suitable for the requirements of the cyber era, and it is already increasingly clear that ideas and concepts and work methods are lacking in this age".^[10]: 232

In a 2016 cybersecurity speech, Xi stated that government, the PLA, and private enterprise should acquire cyber technology at the level of its rivals and that China needed to develop a "situational awareness posture at all times and in all locations".^[10]: 219 Xi stated that "if others use air strikes and we are still using swords and spears, that is unacceptable; offensive and defensive capabilities must be symmetrical."^[10]: 219 In 2019, he stated that China "continues to advance in the direction of balancing offensive and defensive cyber power" and that the country's "cyber-security deterrence capability to strike back continues to grow."^{[10]: 219–220}

In 2020, a Chinese cybersecurity firm,Qihoo 360, publicly claimed that a cyber espionage campaign was attributed to theCentral Intelligence Agency.^{[10]: 220–221} In a December 2024 meeting, a Chinese Ministry of Foreign Affairs official stated that Chinese cyberattacks against U.S. infrastructure are a response toAmerican policies toward Taiwan.^[15]

Academic Fiona Cunningham writes that while it has targeted U.S. critical infrastructure withVolt Typhoon, as of mid-2024, there have been no public reports of a Chinese cyberattack with a scope similar to the United States-IsraelStuxnet cyberattack on Iran, or theRussian cyberattacks on Ukraine's power grid).^[10]: 228

While some details remain unconfirmed, it is understood that China organizes its resources as follows:

• “Specialized military network warfare forces” (Chinese:军队专业网络战力量) - Military units specialized in network attack and defense.
• "PLA-authorized forces” (授权力量) - network warfare specialists in theMinistry of State Security (MSS) and theMinistry of Public Security (MPS).
• “Non-governmental forces” (民间力量) - civilian and semi-civilian^{[definition needed]} groups that spontaneously engage in network attack and defense.^[16]

In response to claims that Chinese universities, businesses, and politicians have been subject to cyber espionage by theUnited StatesNational Security Agency since 2009,^[17][18] the PLA announced a cyber security squad in May 2011 to defend their own networks.^[19]

Since Xi becameGeneral Secretary of theChinese Communist Party in 2012, the Ministry of State Security (MSS) gained more responsibility overcyberespionage compared with the PLA, and currently oversees variousadvanced persistent threats.^[20] According to security researcher Timo Steffens, advanced persistent threat (APT) groups in China leverage skills from private as well as public institutions and individuals, including smaller companies and hackers that take on government contracts.^[21]

On 31 December 2015, the PLA established theStrategic Support Force (PLASSF).^[10]: 224 The PLASSF combined PLA cyber units from various PLA bodies into theNetwork Systems Department which included cyber intelligence, defense, and attack capabilities.^[10]: 224 In April 2024, the PLASSF was dissolved and its cyberwarfare capabilities and personnel were transferred to the newly createdPeople's Liberation Army Cyberspace Force.^[22]

In 2017,Foreign Policy estimated China's "hacker army" personnel at between 50,000 and 100,000 individuals.^[23]

In 2020, Japan'sComputer Emergency Response Team (CERT) reported that a suspected Chinese hacking organization dubbed "Bronze President" had hacked and extracted footage from the AU Headquarters' security cameras.^[59]

In 2022, Chinese state-affiliated hackers compromised the email system of theASEAN Secretariat.^[60][61]

In May 2013,ABC News claimed that the Chinese government stole blueprints to the headquarters of theAustralian Security Intelligence Organisation (ASIO).^[62] In May 2023, Australia, alongside otherFive Eyes member states, identified the Chinese government behind the "Volt Typhoon"advanced persistent threat targeting critical infrastructure.^[63] In July 2024, government agencies from eight nations, including theAustralian Signals Directorate, released a joint advisory on APT40.^[64][65]

In April 2024, the BelgianForeign Ministry summoned the Chinese envoy after reports emerged that Chinese spies (APT31) hacked the laptops of key lawmakers such as the head of the Belgian Foreign Affairs Committee and former prime ministerGuy Verhofstadt.^[66][67][68]

In 2022, a Chinese advanced persistent threat called ChamelGang, or CamoFei, attacked thepresidency of Brazil in a cyber-espionage operation that used ransomware as acover, according to a report bySentinelOne andRecorded Future.^[69][70]

Officials in theCanadian government claimed that Chinese hackers compromised several departments within the federal government inearly 2011, though the Chinese government has denied involvement.^[71] In 2014, Canada's Chief Information Officer claimed that Chinese hackers compromised computer systems within theNational Research Council.^[72] In May 2023, Canada'sCommunications Security Establishment identified the Chinese government as being behind the "Volt Typhoon" advanced persistent threat targeting critical infrastructure.^[73] In July 2024, government agencies from eight nations, including the Canadian Centre for Cyber Security, released a joint advisory on APT40.^[64][65]

In 2021, CzechMinister of Foreign AffairsJan Lipavský was targeted in a Chinese cyberespionage campaign by the Ministry of State Security's APT31 group.^[74] In response, Lipavský stated "[t]his just proves the assessment in our Security Strategy, which states that the rising assertiveness of China is a systemic challenge that needs to be dealt with in coordination with our trans-Atlantic allies."^[74] In May 2025, the CzechMinistry of Foreign Affairs stated that it was targeted by APT31, saying that "[s]uch behavior undermines the credibility of the People’s Republic of China and contradicts its public declarations."^[75]

In March 2025, Denmark's Centre for Cyber Security (CFCS) stated that the Danish telecom sector was being actively targeted by state-backed hackers from China.^[76][77]

In March 2021, theFinnish Security and Intelligence Service said China's APT31 had targeted the country's parliament in a cyber attack.^[78] In March 2024, Finnish police confirmed that APT31 breached theParliament of Finland in March 2021.^[79]

In May 2024, several French lawmakers, all belonging to theInter-Parliamentary Alliance on China (IPAC), revealed that they had been targeted by China's APT31.^[80]

In July 2024, government agencies from eight nations, including Germany'sFederal Intelligence Service andFederal Office for the Protection of the Constitution, released a joint advisory on APT40.^[64][65]

Officials in theIndian government believe that attacks on Indian government networks, such as the attack on the IndianNational Security Council, have originated from China. According to the Indian government, Chinese hackers are experts in operatingbotnets, which were used in these attacks.^[81] Additionally, other instances of Chinesecyberattacks against India's cyberspace have been reported in multitude.^[82][83]

In 2021, Indonesia'sState Intelligence Agency (BIN), and other government institutions were reported to have been targeted by Mustang Panda, a China-based advanced persistent threat actor.^[84] BIN subsequently denied any compromise of their computer systems.^[85]

Starting in 2019, Chinese state-sponsored espionage group UNC215 targeted Israeli government institutions, IT providers, and telecommunication firms in a series of attacks that attempted to disguise themselves as Iranian hackers.^[86][87]

In July 2025, a hacker allegedly working withHafnium, Xu Zewei, was arrested in Milan.^[88]

In April 2021, Japan claimed that the Chinese military ordered cyberattacks on about 200 Japanese companies and research institutes, includingJAXA.^[89] In July 2024, government agencies from eight nations, including Japan'sNational Police Agency, released a joint advisory on APT40.^[64][65]

In March 2024, Kazakhstan’s National Computer Emergency Response Team reported that Chinese state-backed hackers accessed the country'sMinistry of Defense, telecommunications networks, and other critical infrastructure since at least two years prior.^[90]

In April 2024, two Lithuanian lawmakers belonging to theInter-Parliamentary Alliance on China (IPAC) were reported to have been targeted by APT31.^[91]

In 2024, theDutch Military Intelligence and Security Service and theGeneral Intelligence and Security Service stated that Chinese state hackers penetrated a Dutch military network the prior year.^[92]

In May 2023, New Zealand, alongside other Five Eyes member states, named the Chinese government as being behind the "Volt Typhoon" advanced persistent threat targeting critical infrastructure.^[93] In March 2024, theGovernment Communications Security Bureau and New Zealand Government accused the Chinese government viaAPT40 of breaching its parliamentary network in 2021.^[94] In July 2024, government agencies from eight nations, including the New ZealandNational Cyber Security Centre, released a joint advisory on APT40.^[64][65]

In 2018, Norway's private IT infrastructure was penetrated by China's Ministry of State Security-linked hacking group APT31.^[95] Norwegian parliamentary email accounts were breached by Chinese state hackers during the2021 Microsoft Exchange Server data breach.^[96]

In 2024, Flax Typhoon, an advanced persistent threat linked to the Chinese state, was found to have infiltrated Paraguayan government networks.^[97][98]

In the run-up the2025 Philippine general election, theNational Intelligence Coordinating Agency (NICA) stated that Chinese government agents undertook onlineinfluence operations in coordination with local proxies. NICA alleged that the Chinese embassy in Manila paid for atroll farm onFacebook andTwitter to spread disinformation and promote Chinese state interests.^{[99][100][101]}

In June 2025, a leaked internal RussianFSB memo raised concerns about China with respect toindustrial espionage of sensitive Russian technologies.^[102] Information on Russia's weaponry has increasingly been targeted by advanced persistent threats emanating from China.^[103]

In July 2025,K. Shanmugam, Singapore'sCoordinating Minister for National Security, stated that the country's critical infrastructure was attacked by UNC3886, a cyber-espionage group linked to China.^[104][105]

In July 2024, government agencies from eight nations, including South Korea'sNational Intelligence Service, released a joint advisory on APT40.^[64][65] In 2025,SK Telecom was reported to be affected by attacks from China-based hacking group Red Menshen.^[106][107]

The United States has accused China of cyberwarfare attacks that targeted the networks of important American military, commercial, research, and industrial organizations. A Congressional advisory group has declared China "the single greatest risk to the security of American technologies"^[108] and "there has been a marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer systems".^{[108][109][110][111]} China's cyberwarfare has expanded from cyber-espionage to "pre-positioning" activity for the sabotage and crippling of critical infrastructure.^[112] From 2023 to 2024, hacks originating from Chinese state-sponsored actors doubled to over 330.^[113]

In January 2010,Google reported targetedattacks on its corporate infrastructure originating from China "that resulted in the theft of intellectual property from Google."Gmail accounts belonging to twohuman rights activists were compromised in an attack on Google's password system.^[114] Chinese hackers also gained access to adatabase containingclassified information about suspected spies, agents, and terrorists under surveillance by the US government.^[115] American security experts connected the Google attack to various other political and corporate espionage efforts originating from China, which included spying against military, commercial, research, and industrial corporations.^[111]Obama administration officials called the cyberattacks "an increasingly serious cyber threat to US critical industries."^[109]

In addition to Google, at least 34 other companies have been attacked. Reported cases includeNorthrop Grumman,Symantec,Yahoo,Dow Chemical, andAdobe Systems.^[116] Cyber-espionage has been aimed at both commercial and military interests.^[117]

Diplomatic cables highlight US concerns that China is exploiting its access to Microsoft source code to boost its offensive and defensive capabilities.^[118]

A number of private computer security firms have stated that they have growing evidence of cyber-espionage efforts originating from China, including the "Comment Group".^[119]

China has denied accusations of cyberwarfare,^[120] and has accusedthe United States of engaging in cyber-warfare against it, accusations which the United States denies.^{[121][122][123][124][125]}

During 18 minutes on April 8, 2010, state-ownedChina Telecom advertised erroneous network routes that instructed "massive volumes" of U.S. and other foreign Internet traffic to go through Chinese servers. A US Defense Department spokesman told reporters that he did not know if "we've determined whether that particular incident ... was done with some malicious intent or not" and China Telecom denied the charge that it "hijacked" U.S. Internet traffic.^[126]

In 2011, a Chinese state TV program displayed outdated screenshots of a Chinese military institute performing cyber attacks on a US-based dissident entity.^[127] The direct visual evidence from an official Chinese source challenges China's claims that it never engages in overseas hacking for government purposes.^[127]

During March 2013, high-level discussions continued.^[128]

In May 2014, a federalgrand jury in the United Statesindicted fivePLA Unit 61398 officers on charges of theft of confidential business information from U.S. commercial firms and plantingmalware on their computers.^[129][130] To Chinese experts, the charges demonstrated the sophistication of the United States ability to attribute cyberattacks.^[10]: 212

In September 2014, aSenate Armed Services Committee probe revealed hackers associated with the Chinese government committing various intrusions of computer systems belonging to U.S. airlines, technology companies and other contractors involved with the movement of U.S. troops and military equipment,^[131] and in October 2014, The FBI added that hackers, who they believe to be backed by the Chinese government, have recently launched attacks on U.S. companies.^[132]

In 2015, theU.S. Office of Personnel Management (OPM) announced that it had been the target of adata breach targeting the records of as many as 21.5 million people.^[133]The Washington Post reported that the attack came from China, citing unnamed government officials.^[134]FBI directorJames Comey explained "it is a very big deal from a national security perspective and a counterintelligence perspective. It's a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government."^[135]

In October 2018,Bloomberg Businessweek published a report, citing unnamed corporate and governmental sources, which claimed that the PLA had forcedSupermicro's Chinese sub-contractors to add microchips with hardware backdoors to its servers. The report claimed that the compromised servers had been sold to U.S. government agencies (including the CIA and Department of Defense) and contractors and at least 30 commercial clients.^[136]

In 2019, a study showed continued attacks on the US Navy and its industrial partners.^[137]

In 2020, as the coronavirus spread globally, intelligence agencies—including China’s—reportedly turned to hacking to gather information on vaccine development. That May, theFederal Bureau of Investigation and CISA publicly accused China-linked cyber actors of targeting U.S. institutions to steal COVID-19 research and health data.^[138]

In February 2020, a US federal grand jury charged four members of the PLA with the2017 Equifax hack.^[139] The official account of FBI stated on Twitter that they played a role in "one of the largest thefts of personally identifiable information by state-sponsored hackers ever recorded".^[140]

TheVoice of America reported in April 2020 that "U.S. intelligence agencies concluded the Chinese hackers meddled in both the 2016 and 2018 elections" and said "there have already been signs that China-allied hackers have engaged in so-called "spear-phishing" attacks on American political targets" ahead of the2020 United States elections.^[141]

In March 2021,United States intelligence community released analysis in finding that China had considered interfering with the election but decided against it on concerns it would fail or backfire.^[142]

In April 2021,FireEye said that suspected Chinese hackers used a zero-day attack against Pulse Connect Secure devices, a VPN device, in order to spy on dozens of government, defense industry and financial targets in the U.S. and Europe.^{[143][144][145][146]}

In May 2023,Microsoft and Western intelligence agencies reported that a Chinese state-sponsored hacking group affiliated with the PLA called "Volt Typhoon" had targeted critical infrastructure and military installations inGuam, Hawaii, Texas and elsewhere.^{[147][148][149]} In January 2024, US authorities stated that they disrupted an operation by Volt Typhoon that had access to critical infrastructure in the US for at least five years.^[150][151]

In February 2024,OpenAI announced that it had shut down accounts used by the Charcoal Typhoon and Salmon Typhoon hacking groups. The groups had been using their services to research companies, intelligence agencies, cybersecurity tools and evasion techniques, translate technical papers, write and refactor code, and create phishing campaign content.^[152][153] The same month, leaked documents from an MSS, PLA, and MPS contractor based in Shanghai calledI-Soon, also known as Auxun, provided details into a campaign to harassdissidents, activists, critical academics, andUyghurs overseas.^{[154][155][156]}

In July 2024, government agencies from eight nations, including the United States National Security Agency andCybersecurity and Infrastructure Security Agency, released a joint advisory on APT40.^[64][65] In September 2024, FBI directorChristopher A. Wray announced that Chinese state hacking campaign known as Flax Typhoon, which targeted critical infrastructure, had been disrupted.^[157][158]

In October 2024, backdoors mandated by the 1994Communications Assistance for Law Enforcement Act, which forces internet providers to provide backdoors for government authorities,^[159][160] were found to have been employed by China to tap communications in the U.S. using that infrastructure for months, or perhaps longer;^[161] China recorded presidential candidate campaign office phone calls —including employees of the then-vice president of the nation– and of the candidates themselves.^[162]

In November 2024, Texas governorGreg Abbott ordered state agencies to harden critical infrastructure from cyberattacks from threats emanating from the PRC.^[163] In December 2024, the U.S. moved to crack down on China Telecom's cloud operations in the U.S. in response to the2024 United States telecommunications hack.^[164] The same month, Chinese state-backed hackers were accused of obtaining a security key and accessing unclassified documents of theUnited States Department of the Treasury.^[165][166] In December 2024, theOffice of Foreign Assets Control (OFAC) sanctioned the Integrity Technology Group, an organization believed to be behind the Flax Typhoon APT.^[167][168]

In January 2025, the computers of theUS Secretary of the Treasury and several of her lieutenants were accessed by Chinese hackers.^[169] In March 2025, theU.S. Department of Justice indicted 10 Chinese nationals who worked for MPS or its contractor I-Soon, also known as Auxun Information Technology.^[170] A 2025Czech Technical University study found that multiple Chinese academics have produced studies on how to optimally target U.S. electric grids.^[113] In July 2025, theNational Nuclear Security Administration was reported to have breached by Chinese state-sponsored advanced persistent threat groups dubbed Linen Typhoon, Violet Typhoon and Storm-2603.^[171]

Comparing the semiconductor industry in China mainland and Taiwan today, Taiwan is the leader in terms of overall competitiveness. On 6 August 2020,Wired published a report, stating that "Taiwan has faced existential conflict with China for its entire existence and has been targeted by China's state-sponsored hackers for years. But an investigation by one Taiwanese security firm has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry."^[172]

In 2025,Proofpoint published a report stating that China-linked hackers have targeted Taiwanese microchip companies such asTSMC,MediaTek,United Microelectronics Corporation,Nanya Technology, andRealtek with sustained campaigns.^[173]

In May 2025, theTurkish National Intelligence Organization (MIT) reportedly dismantled a Chinese cyber-espionage cell in Istanbul, accused of using ghost base stations to collect communication data and user information and conduct surveillance of Turkish public officials and Uyghur Turks.^[174]

In April 2022,The Times reported that days prior to the start of the2022 Russian invasion of Ukraine, a cyberwarfare unit of the PLA launched cyberattacks against hundreds of Ukrainian government sites, according to officials of theSecurity Service of Ukraine.^[175][176]

In May 2023, the UK'sNational Cyber Security Centre, alongside other Five Eyes member states, identified the Chinese government behind the "Volt Typhoon" advanced persistent threat targeting critical infrastructure.^[63][177]

In March 2024, the UK government and the United States Department of the Treasury's Office of Foreign Assets Control (OFAC) jointly sanctioned a Chinese MSS front company called Wuhan Xiaoruizhi Science and Technology and affiliated individuals forbreaching theElectoral Commission and placing malware in critical infrastructure.^[178][179]

In July 2024, government agencies from eight nations, including the UK's National Cyber Security Centre, released a joint advisory on APT40.^[64][65]

In July 2020, it was reported that Chinese state-sponsored hackers operating under the named RedDelta hacked the Vatican's computer network ahead of negotiations between China and the Vatican.^[180]

In 2012, Chinese state-sponsored hackers attackedPetroVietnam,Vietnam News Agency, andVietnam Post. During theHai Yang Shi You 981 standoff in 2014, multiple Vietnamese government websites were attacked by Chinese hackers.^[181] In 2016, following theSouth China Sea Arbitration ruling, multipleVietnamese airports were hacked.^[181][182] In 2020, Vietnamese government officials were targeted inphishing campaigns by the China-based state-sponsored hacking group Pirate Panda.^[183] In 2023, Vietnam publicly named several Chinese advanced persistent threat groups targeting it.^[182]

• Chinese intelligence activity abroad
• Chinese information operations and information warfare
• Cyberwarfare by Russia
• Cyberwarfare and the United States
• GhostNet
• Great Cannon
• Honker Union
• List of cyber warfare forces#China
• Operation Shady RAT
• Red Apollo
• 2021 Microsoft Exchange Cyberattack
• 2024 United States Department of the Treasury hack

• Cyberwarfare by China
• Advanced persistent threat
• China–United States relations
• Cyberattacks
• Foreign relations of China
• Hacker groups
• Hacking (computer security)
• Espionage in China

• CS1 Danish-language sources (da)
• CS1 Spanish-language sources (es)
• Webarchive template wayback links
• Articles with short description
• Short description is different from Wikidata
• Use mdy dates from March 2012
• Use British English from January 2019
• All Wikipedia articles written in British English
• Articles with excerpts
• Articles containing simplified Chinese-language text
• Wikipedia articles needing clarification from January 2019