African Union In 2020, Japan's
Computer Emergency Response Team (CERT) reported that a suspected Chinese hacking organization dubbed "Bronze President" had hacked and extracted footage from the AU Headquarters' security cameras.
ASEAN In 2022, Chinese state-affiliated hackers compromised the email system of the
ASEAN Secretariat.
Australia In May 2013,
ABC News claimed that the Chinese government stole blueprints to the headquarters of the
Australian Security Intelligence Organisation (ASIO). In May 2023, Australia, alongside other
Five Eyes member states, identified the Chinese government behind the "Volt Typhoon"
advanced persistent threat targeting critical infrastructure. In July 2024, government agencies from eight nations, including the
Australian Signals Directorate, released a joint advisory on APT40.
Belgium In April 2024, the Belgian
Foreign Ministry summoned the Chinese envoy after reports emerged that Chinese spies (APT31) hacked the laptops of key lawmakers such as the head of the Belgian Foreign Affairs Committee and former prime minister
Guy Verhofstadt.
Brazil In 2022, a Chinese advanced persistent threat called ChamelGang, or CamoFei, attacked the
presidency of Brazil in a cyber-espionage operation that used ransomware as a
cover, according to a report by
SentinelOne and
Recorded Future.
Canada Officials in the
Canadian government claimed that Chinese hackers compromised several departments within the federal government in
early 2011, though the Chinese government has denied involvement. In 2014, Canada's Chief Information Officer claimed that Chinese hackers compromised computer systems within the
National Research Council. In May 2023, Canada's
Communications Security Establishment identified the Chinese government as being behind the "Volt Typhoon" advanced persistent threat targeting critical infrastructure. In July 2024, government agencies from eight nations, including the Canadian Centre for Cyber Security, released a joint advisory on APT40. In response, Lipavský stated "[t]his just proves the assessment in our Security Strategy, which states that the rising assertiveness of China is a systemic challenge that needs to be dealt with in coordination with our trans-Atlantic allies."
Denmark In March 2025, Denmark's Centre for Cyber Security (CFCS) stated that the Danish telecom sector was being actively targeted by state-backed hackers from China.
European Union On 22 June 2020, during
COVID-19 pandemic, EU Commission President
Ursula von der Leyen called out the People's Republic of China for allegedly conducting
cyberattacks against EU hospitals and health care institutions. In May 2025,
Kaja Kallas condemned the People's Republic of China for what she called a "malicious cyber campaign" against the Czech
Ministry of Foreign Affairs and threatened sanctions. In March 2026, the EU imposed sanctions on China-based Integrity Technology Group and Anxun Information Technology for cyberattacks on multiple EU member states, including on critical infrastructure.
Finland In March 2021, the
Finnish Security and Intelligence Service said China's APT31 had targeted the country's parliament in a cyber attack. In March 2024, Finnish police confirmed that APT31 breached the
Parliament of Finland in March 2021.
France In May 2024, several French lawmakers, all belonging to the
Inter-Parliamentary Alliance on China (IPAC), revealed that they had been targeted by China's APT31.
Germany In July 2024, government agencies from eight nations, including Germany's
Federal Intelligence Service and
Federal Office for the Protection of the Constitution, released a joint advisory on APT40. Additionally, other instances of Chinese
cyberattacks against India's cyberspace have been reported in multitude.
Indonesia In 2021, Indonesia's
State Intelligence Agency (BIN), and other government institutions were reported to have been targeted by Mustang Panda, a China-based advanced persistent threat actor. BIN subsequently denied any compromise of their computer systems.
Israel Starting in 2019, Chinese state-sponsored espionage group UNC215 targeted Israeli government institutions, IT providers, and telecommunication firms in a series of attacks that attempted to disguise themselves as Iranian hackers.
Italy Between 2024 and 2025, cyber-intrusions linked to China into Italy's
Ministry of the Interior compromised the identity of 5,000
DIGOS officers. In July 2025, a hacker allegedly working with
Hafnium, Xu Zewei, was arrested in Milan. Italy extradited Xu to the United States in April 2026.
Japan In April 2021, Japan claimed that the Chinese military ordered cyberattacks on about 200 Japanese companies and research institutes, including
JAXA. In July 2024, government agencies from eight nations, including Japan's
National Police Agency, released a joint advisory on APT40.
Lithuania In April 2024, two Lithuanian lawmakers belonging to the
Inter-Parliamentary Alliance on China (IPAC) were reported to have been targeted by APT31.
Mongolia In April 2026, cybersecurity firm ESET Research reported a cyber-espionage campaign targeting entities in Mongolia, attributed to a previously undocumented China-aligned APT group. The campaign, described as “GopherWhisper” or “Burrow,” used tools written in the Go programming language to maintain persistent access to compromised systems while enabling data exfiltration.
The Netherlands In 2024, the
Dutch Military Intelligence and Security Service and the
General Intelligence and Security Service stated that Chinese state hackers penetrated a Dutch military network the prior year.
New Zealand In May 2023, New Zealand, alongside other Five Eyes member states, named the Chinese government as being behind the "
Volt Typhoon" advanced persistent threat targeting critical infrastructure. In March 2024, the
Government Communications Security Bureau and New Zealand Government accused the Chinese government via
APT40 of breaching its parliamentary network in 2021. In July 2024, government agencies from eight nations, including the New Zealand
National Cyber Security Centre, released a joint advisory on APT40. Norwegian parliamentary email accounts were breached by Chinese state hackers during the
2021 Microsoft Exchange Server data breach.
Paraguay In 2024, Flax Typhoon, an advanced persistent threat linked to the Chinese state, was found to have infiltrated Paraguayan government networks.
Philippines In the run-up the
2025 Philippine general election, the
National Intelligence Coordinating Agency (NICA) stated that Chinese government agents undertook online
influence operations in coordination with local proxies. NICA alleged that the Chinese embassy in Manila paid for a
troll farm on
Facebook and
Twitter to spread disinformation and promote Chinese state interests.
Russia Between 2024 and 2025, a Chinese advanced persistent threat group known as APT31 was reported to have launched attacks of Russian IT contractors for the government such as
Yandex Cloud. In June 2025, a leaked internal Russian
FSB memo raised concerns about China with respect to
industrial espionage of sensitive Russian technologies. Information on Russia's weaponry has increasingly been targeted by advanced persistent threats emanating from China.
Singapore In July 2025,
K. Shanmugam, Singapore's
Coordinating Minister for National Security, stated that the country's critical infrastructure was attacked by UNC3886, a cyber-espionage group linked to China.
South Korea In July 2024, government agencies from eight nations, including South Korea's
National Intelligence Service, released a joint advisory on APT40.
United States The United States has accused China of cyberwarfare attacks that targeted the networks of important American military, commercial, research, and industrial organizations. A Congressional advisory group has declared China "the single greatest risk to the security of American technologies" and "there has been a marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer systems". China's cyberwarfare has expanded from cyber-espionage to "pre-positioning" activity for the sabotage and crippling of critical infrastructure. From 2023 to 2024, hacks originating from Chinese state-sponsored actors doubled to over 330. Chinese hackers also gained access to a
database containing
classified information about suspected spies, agents, and terrorists under surveillance by the US government. American security experts connected the Google attack to various other political and corporate espionage efforts originating from China, which included spying against military, commercial, research, and industrial corporations. Cyber-espionage has been aimed at both commercial and military interests.
Diplomatic cables highlight US concerns that China is exploiting its access to Microsoft source code to boost its offensive and defensive capabilities. A number of private computer security firms have stated that they have growing evidence of cyber-espionage efforts originating from China, including the "
Comment Group". China has denied accusations of cyberwarfare, and has accused
the United States of engaging in cyber-warfare against it, accusations which the United States denies. During 18 minutes on April 8, 2010, state-owned
China Telecom advertised erroneous network routes that instructed "massive volumes" of U.S. and other foreign Internet traffic to go through Chinese servers. A US Defense Department spokesman told reporters that he did not know if "we've determined whether that particular incident ... was done with some malicious intent or not" and China Telecom denied the charge that it "hijacked" U.S. Internet traffic. In 2011, a Chinese state TV program displayed outdated screenshots of a Chinese military institute performing cyber attacks on a US-based dissident entity. The direct visual evidence from an official Chinese source challenges China's claims that it never engages in overseas hacking for government purposes. In May 2014, a federal
grand jury in the United States
indicted five
PLA Unit 61398 officers on charges of theft of confidential business information from U.S. commercial firms and planting
malware on their computers. To Chinese experts, the charges demonstrated the sophistication of the United States ability to attribute cyberattacks. and in October 2014, The FBI added that hackers, who they believe to be backed by the Chinese government, have recently launched attacks on U.S. companies. In 2015, the
U.S. Office of Personnel Management (OPM) announced that it had been the target of a
data breach targeting the records of as many as 21.5 million people.
The Washington Post reported that the attack came from China, citing unnamed government officials.
FBI director James Comey explained "it is a very big deal from a national security perspective and a counterintelligence perspective. It's a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government." In October 2018,
Bloomberg Businessweek published a report, citing unnamed corporate and governmental sources, which claimed that the PLA had forced
Supermicro's Chinese sub-contractors to add microchips with hardware backdoors to its servers. The report claimed that the compromised servers had been sold to U.S. government agencies (including the CIA and Department of Defense) and contractors and at least 30 commercial clients. In 2019, a study showed continued attacks on the US Navy and its industrial partners. In 2020, as the coronavirus spread globally, intelligence agencies—including China’s—reportedly turned to hacking to gather information on vaccine development. That May, the
Federal Bureau of Investigation and CISA publicly accused China-linked cyber actors of targeting U.S. institutions to steal COVID-19 research and health data. In February 2020, a US federal grand jury charged four members of the PLA with the
2017 Equifax hack. The official account of FBI stated on Twitter that they played a role in "one of the largest thefts of personally identifiable information by state-sponsored hackers ever recorded". The
Voice of America reported in April 2020 that "U.S. intelligence agencies concluded the Chinese hackers meddled in both the 2016 and 2018 elections" and said "there have already been signs that China-allied hackers have engaged in so-called "spear-phishing" attacks on American political targets" ahead of the
2020 United States elections. In March 2021,
United States intelligence community released analysis in finding that China had considered interfering with the election but decided against it on concerns it would fail or backfire. In April 2021,
FireEye said that suspected Chinese hackers used a zero-day attack against Pulse Connect Secure devices, a VPN device, in order to spy on dozens of government, defense industry and financial targets in the U.S. and Europe. In May 2023,
Microsoft and Western intelligence agencies reported that a Chinese state-sponsored hacking group affiliated with the PLA called "Volt Typhoon" had targeted critical infrastructure and military installations in
Guam, Hawaii, Texas and elsewhere. In January 2024, US authorities stated that they disrupted an operation by Volt Typhoon that had access to critical infrastructure in the US for at least five years. In February 2024,
OpenAI announced that it had shut down accounts used by the Charcoal Typhoon and Salmon Typhoon hacking groups. The groups had been using their services to research companies, intelligence agencies, cybersecurity tools and evasion techniques, translate technical papers, write and refactor code, and create phishing campaign content. The same month, leaked documents from an MSS, PLA, and MPS contractor based in Shanghai called
I-Soon, also known as Auxun, provided details into a campaign to harass
dissidents, activists, critical academics, and
Uyghurs overseas. In July 2024, government agencies from eight nations, including the United States National Security Agency and
Cybersecurity and Infrastructure Security Agency, released a joint advisory on APT40. In October 2024, backdoors mandated by the 1994
Communications Assistance for Law Enforcement Act, which forces internet providers to provide backdoors for government authorities, were found to have been employed by China to tap communications in the U.S. using that infrastructure for months, or perhaps longer; China recorded presidential candidate campaign office phone calls —including employees of the then-vice president of the nation– and of the candidates themselves. In November 2024, Texas governor
Greg Abbott ordered state agencies to harden critical infrastructure from cyberattacks from threats emanating from the PRC. In December 2024, the U.S. moved to crack down on China Telecom's cloud operations in the U.S. in response to the
2024 United States telecommunications hack. The same month, Chinese state-backed hackers were accused of obtaining a security key and accessing unclassified documents of the
United States Department of the Treasury. In December 2024, the
Office of Foreign Assets Control (OFAC) sanctioned the Integrity Technology Group, an organization believed to be behind the Flax Typhoon APT. In January 2025, the computers of the
US Secretary of the Treasury and several of her lieutenants were accessed by Chinese hackers. In March 2025, the
U.S. Department of Justice indicted 10 Chinese nationals who worked for MPS or its contractor I-Soon, also known as Auxun Information Technology. A 2025
Czech Technical University study found that multiple Chinese academics have produced studies on how to optimally target U.S. electric grids. In July 2025, the
National Nuclear Security Administration was reported to have breached by Chinese state-sponsored advanced persistent threat groups dubbed Linen Typhoon, Violet Typhoon and Storm-2603. According to
Axios, citing research from the cybersecurity firm Dream Security, a suspected China-based hacking group also conducted a phishing campaign during Christmas 2025 that mimicked U.S. policy briefings and targeted diplomats.
Taiwan Comparing the semiconductor industry in China mainland and Taiwan today, Taiwan is the leader in terms of overall competitiveness. On 6 August 2020,
Wired published a report, stating that "Taiwan has faced existential conflict with China for its entire existence and has been targeted by China's state-sponsored hackers for years. But an investigation by one Taiwanese security firm has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry." In 2025,
Proofpoint published a report stating that China-linked hackers have targeted Taiwanese microchip companies such as
TSMC,
MediaTek,
United Microelectronics Corporation,
Nanya Technology, and
Realtek with sustained campaigns. In 2025, there were on average 2.6 million Chinese cyber-attacks per day on Taiwanese infrastructure, according to the country's
National Security Bureau.
Turkey In May 2025, the
Turkish National Intelligence Organization (MIT) reportedly dismantled a Chinese cyber-espionage cell in Istanbul, accused of using ghost base stations to collect communication data and user information and conduct surveillance of Turkish public officials and Uyghur Turks.
Ukraine In April 2022,
The Times reported that days prior to the start of the
2022 Russian invasion of Ukraine, a cyberwarfare unit of the PLA launched cyberattacks against hundreds of Ukrainian government sites, according to officials of the
Security Service of Ukraine.
United Kingdom In May 2023, the UK's
National Cyber Security Centre, alongside other Five Eyes member states, identified the Chinese government behind the "Volt Typhoon" advanced persistent threat targeting critical infrastructure. In March 2024, the UK government and the United States Department of the Treasury's Office of Foreign Assets Control (OFAC) jointly sanctioned a Chinese MSS front company called Wuhan Xiaoruizhi Science and Technology and affiliated individuals for
breaching the
Electoral Commission and placing malware in critical infrastructure. In July 2024, government agencies from eight nations, including the UK's National Cyber Security Centre, released a joint advisory on APT40.
The Vatican In July 2020, it was reported that Chinese state-sponsored hackers operating under the named RedDelta hacked the Vatican's computer network ahead of negotiations between China and the Vatican.
Vietnam In 2012, Chinese state-sponsored hackers attacked
PetroVietnam,
Vietnam News Agency, and
Vietnam Post. During the
Hai Yang Shi You 981 standoff in 2014, multiple Vietnamese government websites were attacked by Chinese hackers. In 2020, Vietnamese government officials were targeted in
phishing campaigns by the China-based state-sponsored hacking group Pirate Panda. In 2023, Vietnam publicly named several Chinese advanced persistent threat groups targeting it. ==See also==