A top American cybersecurity company warns in a new report that the global scale and sophistication of Chinese threats are unlike anything its analysts have ever seen.
A June report from Palo Alto Networks, based in Santa Clara, California, shows that the speed and skills of Chinese state-sponsored cyberattackers have reached unprecedented levels.
Chinese hackers attack “within hours, and in some cases minutes” of new vulnerabilities being identified for exploitation, said Wendi Whitmore, Palo Alto Networks’ chief information security officer.
“I have been conducting investigations in this space specifically toward nation-state actors for almost 25 years, it’s been [a while], and we have never seen during that time frame, the scale of persistent threat activity that we’re seeing today from Chinese nation-state threat actors,” Ms. Whitmore said in the report.
As a result, Palo Alto Networks said, businesses must rethink all their defensive strategies to counter the escalating campaign.
The scope of China’s attacks is massive.
Palo Alto Networks identified “whole-of-government scale operations,” such as a hack last year that hit 23 government entities in Cambodia nearly simultaneously.
“The unprecedented scale and sophistication of today’s cyber threats, particularly from Chinese nation-state actors, demands more than incremental improvements to existing defenses,” the report said. “Organizations need comprehensive strategies that combine advanced technology with strong human leadership, proactive relationship building, as well as cultural transformation.”
China’s hackers are also bucking conventional trends. Palo Alto Networks said they have abandoned selective targeting for wholesale data theft.
Palo Alto’s team found that indiscriminate data theft by Chinese hackers is steadily growing. It said the shift reveals the hackers’ use of automated tools to conduct hacks and a new understanding that bulk data collection may reveal valuable targets when analyzed later.
Cybersecurity experts have long feared that hackers are collecting and saving encrypted information they cannot yet decipher, in the hope that a quantum computer capable of cracking the security wide open will eventually emerge.
No one is safe from China-sponsored hackers. Ms. Whitmore said allies of the Chinese government are just as likely to feel the effects of Chinese Communist Party espionage as those who are not on the party’s list of friends.
The geographical focus of China’s cyberattack operations has also provided a window into their broader aims.
“Many of the attacks have targeted critical infrastructure in Guam and the West Coast of the U.S., likely indicating the CCP’s focus on Taiwan and ensuring the U.S. cannot efficiently respond to potential conflict scenarios,” the report said.
The shift in focus corresponds with a strategic change in China’s use of cyberspace in modern warfare.
The Cyberspace Force of the People’s Liberation Army, launched in April 2024, is focused on offense and defense, according to a report published last week by the London-based intelligence firm Grey Dynamics.
“The Cyberspace Force plays a central role in China’s preparation for future conflicts, particularly in what the PLA calls ‘informatized warfare,’ a doctrine focused on controlling the flow of information across all domains,” Grey Dynamics’ report said. “By placing the unit directly under the [Central Military Commission], China ensures centralized control, operational discipline and strategic reach in cyberspace.”
This internal elevation of cyberspace means the Cyberspace Force is no longer subordinate to regional military theater commands. Grey Dynamics’ report said Beijing’s changes show it is now treating cyberspace as a core domain of warfare alongside air, land, sea and space.
“The Cyberspace Force does not operate in isolation,” the report said. “It works alongside space and psychological warfare units to disrupt an adversary’s entire decision-making chain.”
China’s Cyberspace Force relies on an internal research and development network to make the tools it deploys.
Grey Dynamics said this network includes Unit 32085 in Beijing, which conducts software exploitation and vulnerability research to make new attack tools. The 56th Research Institute in Wuxi works to develop encryption systems, semiconductors and quantum computing hardware.
“By consolidating offensive, defensive and electronic warfare capabilities under central command, the PLA has positioned cyberspace as a primary battlefield, not just a supporting tool,” the report said. “This force will almost certainly play a central role in any future conflict involving China.”