China has achieved the status of a “cyber superpower,” a designation that poses significant challenges to efforts to counter its cyber capabilities, according to Sandra Joyce, Vice President of Google Threat Intelligence Group.
During the Google Cloud Next 2025 event, Joyce highlighted the substantial growth in China’s cyber capabilities, including a notable uptick in zero-day vulnerability exploitation by Chinese state hackers since 2021. This surge in cyber activity has raised concerns about the ability of these actors to evade security controls and operate undetected within networks.
One worrying development is the prolonged cyber intrusion by the Volt Typhoon group into US government and critical infrastructure networks. Joyce pointed out that these actors are exploiting a “visibility gap” by focusing their efforts on devices where traditional endpoint detection and response solutions do not operate effectively, such as firewalls and edge devices.
Unlike other major nation-state cyber actors, China has refrained from launching destructive attacks and has focused primarily on espionage activities. Despite gaining access to critical infrastructure in the US and its allies, China has not demonstrated a willingness to engage in destructive cyber operations, unlike Russia, Iran, and North Korea.
Government officials have expressed concerns that China may be positioning itself within these systems to launch destructive attacks in the event of escalating geopolitical tensions or military conflict. Joyce acknowledged that while espionage remains China’s primary focus, there may be undisclosed capabilities that could be leveraged in the future.
While nation-state cyber activity garners significant attention, Joyce emphasized that financially motivated cybercriminals remain the primary threat. These cybercriminals often exploit basic security vulnerabilities, such as credential compromise and phishing attacks, to conduct their illicit activities.
Heather Adkins, VP Engineering at Google, noted that while the tactics employed by cybercriminals may not be particularly novel, the scale and automation of attacks have increased. The use of automated attacker platforms has enabled cybercriminals to conduct large-scale campaigns with minimal technical expertise, lowering the barrier to entry for aspiring hackers.
In conclusion, China’s emergence as a cyber superpower presents a significant challenge for cybersecurity efforts, with the country’s state-sponsored hackers demonstrating a high level of sophistication and evasiveness. While the focus remains on preventing nation-state cyber threats, the prevalence of financially motivated cybercriminals and the automation of attacks underscore the need for robust cybersecurity measures to protect against a range of cyber threats.