Skip to main content

State-Sponsored Cyber Threats: China

Since 2002, the leaders of the People’s Republic of China have made the modernization of China’s armed forces one of their highest priorities. Military leaders have committed themselves to propelling the People’s Liberation Army (PLA) from a 20th century mechanized force into a 21st century information-based military second to none.

Consequently, buoyed by a rapidly growing economy, regular increases in annual defense spending have enabled the Chinese to build an enormous cyber warfare capability. This progression has allowed China to become one of the world’s leading cyber powers, and also the world’s default suspect for damaging hacks.


Media reports suggest that China may directly employ as many as 30,000 “cyberspies” within the PLA. Over 150,000 additional private-sector computer experts augment this force. Carefully cultivated pools of talent throughout the country’s universities sustain these incredible numbers. There the PLA partners with the Ministry of Education to fund classes and hacker competitions meant to nurture future talented recruits.

Naturally, China’s principal method of attack is via brute force, or overwhelming numbers of small, low quality, and persistent information breaches. As an example, the University of Wisconsin, one of dozens of universities targeted for their intellectual property, asserted in 2013 that its networks encountered nearly 100,000 attempted breaches per day from China alone.

Most of these attacks take the form of either spear phishing or distributed denial of service (DDoS) attacks. A prominent example of the latter occurred this past March, when the website of the source code repository Github was knocked offline for several days due to a flood of web traffic intentionally redirected from the popular Chinese search engine Baidu.

The most talented and dangerous hackers work as “for hire” experts in the private sector. These groups tend to exhibit a level of sophistication far in advance of typical government hackers. One such group, Hidden Lynx, has been identified as one of the world’s leading hacker groups possessing the ability to use customized Trojans and advanced watering holes to infiltrate its targets. Organizations like these have proven to be highly adaptable and capable of executing focused attacks against multiple organizations on a global scale.


As part of its intelligence collection efforts, China has targeted numerous government agencies in the United States and around the world. The most recent and prominent example is the theft of personal data of 18 million federal workers announced by the US Office of Personnel Management in June. While not officially accused by the White House, dozens of leading US officials in Congress and the Executive Branch have pointed their fingers squarely at Beijing.

In line with their security objective, China’s hackers have also launched attacks against leading defense contractors like Lockheed Martin, Northrop Grumman, and L-3 Communications, with the goal of securing information on cutting-edge weapons systems and prominent military officials.

China’s cyber warriors have launched numerous retaliatory attacks against leading media organizations, including The New York Times, The Wall Street Journal, and The Washington Post, following the publication of information critical of the Chinese government. Similarly, companies such as Google, that offer users access to information related to sensitive topics within China, like human rights, corruption, or separatist movements, have been targeted as well.


The highest priority of China’s leaders remains peaceful economic development. As a result, most of the country’s cyber activity is benign in nature. The biggest motivations behind China’s offensive cyber activity are intelligence collection and economic espionage. Hackers therefore aim to collect information that will either inform Chinese policy makers’ decision-making or provide domestic firms a competitive edge in the marketplace.

Naturally, the PLA’s cyber warfare programs have more martial elements as well. Chinese defense planners are constantly devising ways of closing the huge technological gap that remains between China and its primary external threat, the United States. Chinese cyber warriors are therefore employed to find vulnerabilities in US defense networks that can be exploited during a potential conflict in ways that constrain the actions or slow the response time of American military forces. Critical infrastructure, which in the event of war would likely be targeted for sabotage, has also been a focus of Chinese hacks.

Chinese leadership has placed an even greater emphasis on internal threats, having devoted significant resources toward hunting down information about political dissidents and human rights activists. In the past, hackers have specifically targeted webmail providers such as Google to gain access to the private email accounts of such people.


China’s president, Xi Jinping, has pronounced his desire to make China a world-class cyber power publicly on numerous occasions. It is therefore highly unlikely that the PLA’s efforts to further develop the nation’s cyber warfare capabilities will abate anytime soon.

The composition of Chinese cyber attacks, however, is likely to evolve in the coming years. As China’s economy matures, the need for economic espionage should eventually subside. Hacks launched by the PLA will therefore become increasingly focused on internal and external security concerns. As China grows more powerful and confident as a world power, more flagrant and politically motivated attacks against private organizations, as with Github, may grow more frequent.