A recent research study has shed light on the extensive network of private cybersecurity firms, technology service providers, and universities that are actively aiding China in developing offensive cyber capabilities to further its military, economic, and geopolitical objectives. The study, conducted over a period of eight months, revealed that China’s offensive cyber capabilities are not solely controlled by the government but are supported by a complex ecosystem involving both state and non-state actors.
The findings of the study provide a deeper understanding of how Chinese cyber actors have successfully infiltrated critical infrastructure in the United States, breached government and business networks, and stolen defense data, trade secrets, and intellectual property from American entities and others worldwide. This network of collaboration has allowed China to have quicker access to cutting-edge technology and talent in critical areas such as artificial intelligence, big data analytics, 5G wireless, and cloud computing.
Dan Ortega, a security strategist at Anomali, emphasized the rapid development of China’s cyber-offensive capabilities through collaboration between tech companies and state entities. By leveraging the expertise of private companies, the Chinese government has been able to scale its cyber missions effectively and access vast data sets collected by these companies for more targeted and effective cyberattacks.
The report also highlighted the growing concerns in the United States regarding Chinese cyberattacks on critical infrastructure organizations, prompting warnings from government officials and industry leaders. The Office of the Director of National Intelligence identified China as the most active and persistent cyber threat to US government, private sector, and critical infrastructure networks in its 2024 annual report.
The study identified four main government stakeholders responsible for building and executing China’s cyber-offense capabilities: the People’s Liberation Army, the Ministry of State Security, the Ministry of Public Security, and the Ministry of Industry and Information Technology. These entities actively recruit or support private hackers and hacktivists in various cyber activities, including data theft and distributed denial-of-service attacks.
Under the current model, these government stakeholders are collaborating with hundreds of private companies, ranging from big players like Integrity Technology Group to smaller subcontractors like i-Soon, to carry out cyberattacks against foreign and domestic entities of strategic interest to China. The involvement of top technology companies like ThreatBook, Qihoo360, and Qi An Xin in both defensive and offensive security solutions indicates a significant overlap between the private sector and state-sponsored cyber operations.
Furthermore, the study highlighted the role of academic institutions in China’s cyber ecosystem, with many universities engaging in state-sponsored cyber-offense research. The willingness of Chinese companies to work for the government underscores a different set of business norms in China, where communist government-backed entities have different objectives and investments than capitalist businesses in Western nations.
As China’s cyber ecosystem continues to expand, experts warn of more sophisticated attacks and targeted breaches of intellectual property and critical infrastructure. The seamless flow of technology and expertise between the private sector and state-sponsored cyber operations in China creates opportunities for advanced supply chain compromises and social engineering attacks that can bypass traditional security controls.
In conclusion, the research study underscores the extent of collaboration between private entities and the Chinese government in developing offensive cyber capabilities, posing significant challenges for cybersecurity efforts in the United States and around the world. The complex and multilayered ecosystem supporting China’s offensive cyber capabilities requires a comprehensive approach to address the growing threat posed by state and non-state actors in the cyber domain.