Cyber warfare blurs the boundaries between war and peace.

Cyber espionage is one of the unconventional methods recommended for achieving global dominance in the 1999 book Unrestricted Warfare by People’s Liberation Army (PLA) colonels Qiao Liang and Wang Xiangsui. They state that America, though far more powerful than China, is vulnerable to asymmetric warfare, which has “greater destructive force” than military action.
Like other asymmetric strategies, cyber warfare blurs the boundaries between war and peace as well as between military and civilian domains. Consequently, covert attacks continue without formal declarations of war: research and technology are stolen from universities, corporations, and leading institutions; sensitive networks and grids, both military and civilian, are hacked; critical infrastructure is compromised with bugged Chinese-made components.
These efforts have been ongoing for decades as China seeks to cheat its way into dominating key industries in the 21st century, especially artificial intelligence and machine learning. No other country has targeted our government, military, and corporations to seize intellectual property as aggressively as China has.
Take the Made in China 2025 initiative, for example, which aims to comprehensively upgrade both traditional and advanced sectors of Chinese industry. The goal is to position China as a leading player in global supply chains; additionally, it emphasizes increasing the use of domestic components from 40% to 70%. To achieve this, Chinese agents have engaged in outright theft: estimates suggest that one in five American companies has had its patents and trade secrets stolen.
Data centers are another target for Chinese hackers. Generative AI, which can produce original images, text, and code, and conceptualize designs, depends on access to large data sets for learning. By attacking data centers and corrupting data sets, Chinese hackers slow down the progress of this advanced technology toward reliability. Additionally, companies that unknowingly use contaminated data for analysis and projections end up with unusable results.
Chinese cyber espionage activities are backed by the CCP and are highly organized. China’s dominance in this area results from what analyst A. Jathindra describes in a Eurasia Review article as a “complex and sophisticated ecosystem,” with Sichuan and Hainan provinces emerging as hubs for talent development and the creation of specialized units. He suggests that cyber scam centers run by Chinese crime syndicates in secret compounds in Myanmar, Thailand, and Cambodia may also be connected to China’s officially sanctioned disruptive efforts.
Some of China’s cyber operations from recent decades reveal the extent and seriousness of their intent. Between 2013 and 2015, the federal Office of Personnel Management (OPM), a health insurer, and a credit reporting agency were hacked. The breach exposed sensitive information of over 20 million individuals — including names, birthdates, addresses, biometrics, job histories, health records, and financial details. The prime suspect was a team linked to China’s Ministry of State Security. Dmitri Alperovitch, CTO of cybersecurity firm CrowdStrike, which investigated the attack, described it as “a tremendous coup for China.” The data could be used to target American government employees and contractors for years.
Another well-coordinated attack, discovered in 2010, was Operation Aurora, which targeted Google, Adobe, and many Fortune 100 companies. Investigators found that the entry point was a zero-day vulnerability in Microsoft’s Internet Explorer, which was used to infect machines. Emails would then be sent containing malware links that connected to a command-and-control server in China. When recipients clicked on the links, the Chinese gained access to proprietary information, including source code, stored on their systems. The operation also compromised emails of Chinese rights activists and dissidents in America and aimed to find out if the identities of Chinese undercover agents had been exposed to the U.S. government.
Salt Typhoon, which began in 2021, is an ongoing operation through which China has gained access to “telecom, government networks, transportation, lodging, and military systems, not just in the U.S., but across 80 countries.” It exploits vulnerabilities in commonly used equipment to gain access. It does not spare ordinary people: hackers have accessed audio recordings of phone calls, text messages, IP addresses, phone numbers, and more from over a million users, including “government targets of interest,” primarily in the D.C. area. The operation was first acknowledged in 2024, after American telecom and internet service providers were impacted. In 2025, the Department of Homeland Security (DHS) announced that the operation had compromised the network of a state’s Army National Guard and hacked committees of the U.S. House of Representatives.
In 2025, Silk Typhoon, a cyber espionage operation with one of the largest target footprints, was found to have infiltrated Treasury Department networks, breaking into about 400 computers and stealing over 3,000 files. Some of the sensitive stolen material related to law enforcement and asset control. Investigations by the Committee on Foreign Investments in the U.S. (CFIUS) were compromised.
Operation Cuckoo Bees, ongoing since at least 2019, is another campaign believed to have stolen trillions of dollars' worth of intellectual property from companies across North America, Europe, and Asia. Blueprints, formulas, diagrams, and other manufacturing data—resources that required thousands of man-hours and expertise—were simply siphoned off. No major sector was spared—formulas and research plans were stolen from pharma giants, cost-cutting and efficiency-raising innovations from solar panel makers, and blueprints for fighter jets and missiles from defense manufacturers.
Then there’s Volt Typhoon, which is believed to be operated by the PLA Cyberspace Force and has been active since 2021. It targets critical infrastructure—both government and private—by exploiting vulnerabilities in internet service providers. In 2023, the White House, the Defense Department, and other agencies stated that its goal is to slow down any potential military mobilization that the U.S. might initiate if China invades Taiwan.
Certain types of material, of course, cannot be stolen through cyber means. Therefore, traditional espionage involving agents who physically steal or purchase material or information—anything that could benefit Chinese interests—continues actively. One example involves something as fundamental as seeds—necessary to address China’s food shortage.
Instead of investing talent, time, and money in developing an elite seed line, Beijing-based DBN attempted to steal high-quality corn seeds from American companies and reverse-engineer the lines. In 2011, a DuPont Pioneer security guard caught Robert Mo, a Chinese-American scientist, digging around in an Iowa test field and filed a report. Later, Mo was again observed at a Monsanto field. The FBI was alerted and began surveilling his activities as part of Operation Purple Maze.
Mo and two accomplices were allowed to collect 100 kilos of genetically modified corn seed, worth millions of dollars. When they attempted to mail some of it from a FedEx in Chicago, the FBI replaced the seeds with outdated ones. At the right moment, agents swooped in on the suspects carrying dozens of seed samples and hundreds of cornfield photos. Mo was placed under house arrest. In 2016, he agreed to a plea deal, received a three-year prison sentence followed by deportation, and was ordered to pay $425,000 in restitution to Monsanto.
There is no reason to believe China will stop any form of espionage, as it is engaged in a relentless war for global dominance that it aims to win without direct conflict. Cyber-attacks allow China to operate remotely, so its hackers will only become more cunning.
In 2022, then-FBI director Christopher Wray stated that the bureau was opening a new China counterintelligence investigation every 12 hours, and they already had more than 2,000 underway. In 2024, he warned: “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, including water treatment plants, our electric grid, oil and natural gas pipelines, and transportation systems. The risk that poses to every American requires our attention now.”
China’s efforts to destabilize our democracy and endanger our citizens must not be taken lightly. Our cyber borders need the same protection as our physical borders.