Chinese state-linked hackers (UAT-7810) developed LONGLEASH malware to expand ORB botnet infrastructure by compromising unpatched Ruckus routers and other internet-facing devices.
Cyber Operations
State-linked APTs (Volt Typhoon, Salt Typhoon, Mustang Panda), critical-infrastructure intrusions.
China-aligned APT exploited Roundcube webmail vulnerabilities to target U.S. and Canadian university physics and engineering departments for credential theft and likely intellectual property collection.
PRC conducted first known strategic submarine-based missile launch; NATO leadership flagged escalating military threat to Western interests.
China-aligned APT group exploited Roundcube vulnerabilities to breach U.S. and Canadian university networks, targeting physics and engineering departments for data theft and persistent access.
PRC conducted a submarine-launched ballistic missile test in the Pacific concurrent with Australia-Fiji defense pact, signaling military capability and geopolitical assertiveness in waters affecting Western interests.
PRC research vessel conducted oceanographic survey east of Taiwan with dual-use data potentially applicable to military underwater operations.
Security researchers documented a suspected China-nexus threat group deploying remote-access malware against Indian tax officials and finance professionals via spear-phishing, representing state-linked cyber espionage targeting sensitive financial data.
China and Russia plan joint naval and air exercises in the Pacific, signaling deepened military coordination between two U.S./Western strategic competitors.
Analysis warns that Chinese LLM advances may enhance capabilities for cyber attackers relative to defenders, raising U.S. cybersecurity concerns.
Expert analysis warns that PRC quantum-computing advances pose a national-security threat by potentially rendering current encryption obsolete, with U.S. officials characterizing the development as part of a global quantum arms race.
Japan is investigating malicious USB drive viruses linked to Chinese military in connection with an earlier cyberattack plot.
Analysts report China-based cyberattack actors are expanding targeting beyond technology sector as U.S.-PRC AI competition escalates.
PRC, Russia, and Iran are conducting sabotage operations against U.S. water systems by exploiting basic vulnerabilities in critical infrastructure.
China-aligned APT Mustang Panda conducting active cyber espionage campaigns against Indian government and hydropower infrastructure using Zoho WorkDrive as command channel, with documented compromises of senior administrative systems.
Microsoft disclosed that PRC state-sponsored hackers exploited SharePoint vulnerabilities to target businesses and government agencies globally, contributing to Microsoft's worst monthly stock performance since 2000.
Chinese-speaking APT group CL-STA-1062 deployed custom TinyRCT backdoor targeting Southeast Asian government and energy infrastructure; attribution by Palo Alto Networks.
PRC-developed open-source AI model GLM-5.2 is raising cybersecurity concerns due to advanced hacking capabilities and ease of weaponization by malicious actors.
China-linked malware was discovered pre-installed on USB drives sold through online retailers, posing supply-chain cybersecurity risks to U.S. and Western consumers.
Nikkei investigation documents Japan Defense Forces' use of USB drives infected with a China-linked virus, highlighting cybersecurity vulnerabilities in a U.S.-allied military organization.
U.S. officials warn that China's advanced open-source AI model GLM-5.2 could accelerate cyber threats and surveillance capabilities, highlighting concerns about PRC technological parity and potential for state-linked cyberattacks.
Chinese Academy of Sciences is developing a sea-skimming hypersonic missile capability with potential strategic implications for U.S. and Western Pacific interests.
UK NCSC reports that 75% of cyberattacks on critical infrastructure are state-linked, with Russia, China, and Iran identified as key perpetrators responsible for ~200 incidents annually.
UK National Cyber Security Centre reports 200+ cyber incidents against critical infrastructure in past year, with three-quarters attributed to state-linked actors including China, targeting nuclear, energy, healthcare, and aviation systems.
UK's National Cyber Security Centre reports over 200 cyber incidents against critical infrastructure in past year, with three-quarters attributed to state-linked actors including China, Russia, and Iran.
PLA scientists published a plan for anti-ship operations against U.S. carrier groups at extended range, reported as a scientific development by SCMP.
China-nexus threat group FishMonger deployed SprySOCKS malware variants with kernel-driver evasion against government targets in Honduras, Taiwan, Thailand, and Pakistan.
Cybersecurity researchers discovered Windows variants of the China-linked SprySOCKS backdoor with enhanced stealth capabilities and C2 configurations.
Google threat hunters identified UNC6508, a PRC state-sponsored APT active since 2023, that infiltrated U.S. and Canadian government and private sector networks using custom backdoor INFINITERED to steal data from academia, medicine, and military sectors.
China-linked APT group conducted sustained espionage campaign against North American medical, academic, and military research networks via REDCap backdoor and Google Workspace abuse to exfiltrate sensitive research and defense communications.
Google disrupted a China-linked cyber campaign that stole RedCAP credentials to target US researchers and institutions over a year-long campaign exfiltrating sensitive data.
China-linked APT actors deployed InfiniteRed malware against exposed REDCap servers at a North American medical institution to exfiltrate sensitive research data.
FBI dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation using AI to generate phishing websites targeting U.S. consumers for credential and payment-card theft.
Chinese state-linked hackers maintained a decade-long persistent breach of an organization's authentication infrastructure to conduct sustained espionage on an isolated network.
PRC navy is developing and testing a 155mm naval gun system, signaling potential advancement in conventional naval weapons capability.
FBI and partners dismantled China-based cybercrime network 'Outsider' that conducted $1.9B in phishing attacks using AI-powered tools to steal financial and personal data.
Google sued a Chinese cybercrime network for misusing its Gemini AI to develop phishing malware ('Outsider') targeting consumer funds.
Google alleges a Chinese cybercrime network deployed phishing-as-a-service using Gemini AI to target American victims via SMS.
China-nexus APT group (Velvet Ant) embedded persistent backdoors in Linux authentication systems (PAM/OpenSSH) to maintain hidden access in targeted networks for ~10 years, evading detection and standard remediation.
Article alleges PRC possesses deep-sea cable-cutting capability as potential weapon against submarine infrastructure; 17 nations excluding China and US forming defensive coalition.
Article reports PRC and North Korean state-linked cybercriminal threat groups conducting financial and business targeting in Asia-Pacific with spillover implications for Western interests.
PRC operatives are rebuilding Volt Typhoon botnets (JDY cluster with 1,500+ compromised devices targeting US military/infrastructure) and conducting influence operations using AI tools to promote narratives about AI datacenter energy costs.
Cybersecurity researchers document expansion of China-linked JDY botnet comprising 1,500+ compromised devices used for centralized cyber reconnaissance operations.
JDY botnet, linked to Chinese threat actors including Volt Typhoon, has expanded reconnaissance operations targeting U.S. military networks.
UK government has weakened proposed cybersecurity defenses against Salt Typhoon (PRC espionage campaign) following industry lobbying, complicating the counterintelligence response to documented Chinese state APT activity.
CEO advisory article cites cyberattacks and Pentagon accusations against Chinese companies as top business threats in geopolitical context.
PRC conducted test flight of airborne electromagnetic detection system (Atem) potentially capable of detecting nuclear submarines, representing advancement in anti-submarine warfare capability.
Security firm Volexity attributed deployment of BSD BRICKSTORM backdoor and related malware targeting Linux systems to VerdantBamboo, a China-nexus APT group, with overlaps to Microsoft-tracked Clay Typhoon.
Expert analysis warning that China may develop advanced AI models comparable to U.S. systems within 6-12 months, posing cybersecurity risks from AI-enabled cyberattacks against U.S. and Western infrastructure.
PLA tracked Dutch warship De Ruyter transiting Taiwan Strait and accused it of airspace intrusion; prior incident involved electronic interference with the same vessel.
Fox News analysis of PRC military modernization goals, anti-satellite capabilities, and technological advances through 2049, featuring expert commentary on strategic implications for U.S. competition.
Chinese APT UNC5221 deploying new malware (Brickstorm, Plenet, AgentPSD) to maintain persistence in compromised Microsoft 365 environments for espionage.
Cybersecurity researchers identified PRC-linked threat cluster OP-512 conducting espionage-focused operations against Microsoft IIS servers using custom web shells.
Investigation reveals Russian censorship infrastructure (TMCT) has inadvertently exposed technical signatures of Chinese DPI (deep packet inspection) technology, potentially revealing Chinese surveillance-system components.
UK MP raises unverified concerns that smart vapes may contain surveillance hardware linked to China, without documented evidence of active PRC surveillance operations.
TA4922, a China-linked cybercrime group, is expanding its attack operations beyond East Asia into global targets.
China-linked cybercrime group TA4922 expanding phishing campaigns using ValleyRAT and Atlas RAT malware across UK, Germany, Italy, and South Africa.
PRC has launched a new sailless submarine class designed to evade detection and threaten undersea infrastructure in the Indo-Pacific, representing an advancement in naval-warfare capability.
Security researchers identified a five-month espionage campaign targeting a stock-exchange executive's email, using cloud storage for data exfiltration; attribution to PRC not explicitly stated but espionage motive confirmed.
Chinese-linked cybercrime group deploying new Atlas RAT malware in expanded European cyberattacks.
PRC-linked cyberattack using Azureveil malware and spear-phishing targets Czech organizations for data theft.
Seqrite Labs identified Operation Dragon Weave, a China-aligned cyber espionage campaign targeting Czech Republic and Taiwan government/research sectors via spear-phishing with AdaptixC2 malware.
PRC scientists developed autonomous drone-swarm algorithm (HG-STR) for warfare in contested environments, claiming 100% target-elimination capability.
PLA Southern Theatre Command alleged it used electronic interference against Dutch frigate De Ruyter operating in disputed South China Sea waters near Paracel Islands.
CYBERCOM official discusses strategy to compete with PRC's numerical advantage in offensive cyber operations by emphasizing quality over quantity.
UK GCHQ chief warns that China possesses advanced AI capabilities with offensive cyber implications and calls for global AI security cooperation.
Analysis of U.S. development of offensive anti-satellite capabilities in response to Chinese military satellite capabilities and the risks of escalation due to inadequate communication channels.
Expert analysis of PRC's AI-integrated electronic warfare strategy and its potential military implications for electromagnetic-spectrum dominance.
Bipartisan lawmakers warn that Trump-proposed $707M CISA budget cuts undermine U.S. defensive capacity against PRC nation-state cyber threats to critical infrastructure.
Chinese APT groups deployed Linux backdoor 'Showboat' against Central Asian telecom providers to enable espionage operations against communications infrastructure.
Chinese state-linked hackers deployed two new malware variants (Showboat and JFMBackdoor) targeting U.S. and Western telecommunications infrastructure in an ongoing espionage campaign.
Analysis alleges Binance's Android app embeds PRC-linked tracking SDKs (ByteDance, Tencent) that harvest sensitive user financial and personal data.
China and Russia announced a joint partnership to develop AI, cyberspace capabilities, and satellite systems while reducing Western technology dependence, signaling coordinated advancement in dual-use technologies affecting U.S. and Western security interests.
China-aligned threat actor Webworm deployed custom backdoors targeting U.S. government agencies via Discord and Microsoft Graph API since at least 2022, documented by Symantec and flagged by researchers in 2025.
Analysis of Salt Typhoon's multi-year PRC cyber campaigns against U.S. telecom networks as evidence of China's shift toward data-centric intelligence collection at scale.
Huawei zero-day vulnerability allegedly caused Luxembourg's entire telecoms network outage; incident unacknowledged by company with technical details still unexplained.
A developer account based in Hangzhou, China was compromised to inject malware into 314 npm packages, affecting popular U.S./Western software dependencies in supply-chain attack.
Article reports Bitdefender's allegation of a Chinese cyberattack on an Azerbaijani oil-and-gas company, and notes PRC focus on developing alternatives to Nvidia accelerators (tech competition rather than illicit transfer).
China has been operating inspector satellites in geosynchronous orbit since 2018 for surveillance of other spacecraft, alongside U.S. and Russian similar programs.
Trump reported discussing bilateral US-China cyberattacks and espionage operations with Xi Jinping, addressing cyber-security concerns between the two nations.
Crowdstrike counter-adversary chief provides expert analysis on cyber threats posed by PRC and North Korea to U.S. interests.
PRC-linked APT group 'FamousSparrow' conducted cyberattacks against Azerbaijani energy sector, signaling expansion of targeting patterns in critical infrastructure.
PRC-linked APT FamousSparrow conducted repeated Microsoft Exchange exploitation against Azerbaijani energy infrastructure from December 2025–February 2026, indicating expanded targeting patterns.
US government expresses concern about PRC threat to undersea cable infrastructure.
Former US intelligence official alleges China and Russia are devoting disproportionate resources to attacking undersea cable infrastructure carrying 99% of global data and supporting trillions in daily transactions.
Palo Alto Networks disclosed a critical PAN-OS RCE vulnerability (CVE-2026-0300) with active exploitation attempts potentially enabling root access and espionage, though no specific PRC attribution is stated in the summary.
Kaspersky detected Chinese hackers compromising Daemon Tools software with a backdoor, achieving thousands of infection attempts and at least a dozen successful breaches of Windows systems.
China-linked APT group UAT-8302 targeting government entities in South America and southeastern Europe with custom malware since late 2024, tracked by Cisco Talos.
China-backed APT group Silver Fox conducted tax-themed phishing campaigns delivering malware (ABCDoor, ValleyRAT) against organizations in India and Russia.
Cybersecurity researchers attribute China-linked APT campaign (SHADOW-EARTH-053) targeting Asian governments, NATO member, journalists, and activists to PRC state-sponsored espionage operations.
FBI cyber official characterizes China's hacker-for-hire contracting ecosystem as uncontrolled, citing recent extradition case as evidence of PRC-linked cyber activity targeting US interests.
China-linked threat group infiltrated over a dozen critical networks in Poland and Asia starting December 2024 using sophisticated cyber espionage tactics.
FBI extradites Chinese national Xu Zewei to the U.S. on charges of hacking U.S. COVID-19 research, with alleged involvement by Chinese intelligence agencies.
Chinese national Xu Zewei, allegedly part of state-sponsored Silk Typhoon APT, extradited to U.S. for cyberattacks on American government and organizations targeting COVID research in 2020-2021.
Chinese national Xu Zewei extradited to U.S. for alleged role in HAFNIUM/Silk Typhoon cyber-espionage campaign targeting Microsoft Exchange vulnerabilities to steal COVID-19 research data from 12,700+ U.S. organizations under direction of China's intelligence services.
Chinese national leading Silk Typhoon APT extradited from Italy to US to face cyberespionage charges linked to PRC intelligence services.
Xu Zewei, accused member of a PRC government-linked hacking group, extradited to U.S. for cyberattacks on thousands of American organizations and theft of COVID-19 research.
Italian authorities extradited a Chinese national accused of participating in PRC state-backed cyber operations targeting COVID-19 vaccine intellectual property to the United States.
Zscaler researchers attributed a cyber campaign using trojanized SumatraPDF and AdaptixC2 malware to Tropic Trooper, a PRC-linked APT group targeting Chinese-speaking individuals.
Tropic Trooper, a Chinese state-sponsored APT, is expanding cyber operations targeting home routers and Japanese entities with new tools and tactics.
PRC state-backed hacking groups are using industrialized botnet networks to conduct scalable cyber operations with plausible deniability against U.S. and Western targets.
Joint advisory from 10 countries reports PRC-linked threat actors are compromising routers and IoT devices globally to build proxy networks for cyberattacks and data theft.
A dozen allied agencies warn that China-nexus cyber actors are deploying large-scale covert botnet infrastructure using compromised SOHO routers and IoT devices for reconnaissance, malware delivery, and espionage operations against Western targets.
ESET identified China-linked APT group GopherWhisper targeting Mongolian government networks since November 2023 using Slack and Discord for command-and-control, discovered via previously unknown backdoor in January 2025.
UK NCSC and international partners reported that China-nexus hackers are using large-scale proxy networks of hijacked consumer devices to evade detection and mask malicious activities.
UK's NCSC and international partners warn that China-linked hacking groups are exploiting everyday IoT devices (Wi-Fi routers) to conduct espionage operations against British businesses.
UK NCSC and 10 allied nations warn that China-linked hacking groups are exploiting everyday devices like Wi-Fi routers to conduct espionage against British businesses.
PRC-linked APT group GopherWhisper deployed Go-based backdoors to infect 12 Mongolian government systems, identified by ESET security researchers.
Dutch intelligence assesses that PRC cyber capabilities now match US capabilities, with operations frequently evading detection by Western cybersecurity and intelligence defenses.
Cybersecurity researchers identified a new LOTUSLITE malware variant attributed to Mustang Panda (PRC-linked APT) targeting Indian banks and South Korean policy institutions with remote-access and espionage capabilities.
US Treasury Department compromised by Chinese state-sponsored cyberattack via third-party software provider, creating potential disruption to US funding markets.
APT41, a China-backed threat group, is conducting targeted cyber operations against major U.S. and Western cloud providers (AWS, Google, Azure) using typosquatting and undetectable backdoors to harvest cloud credentials.
PRC-linked BPFdoor malware has been upgraded to enhance espionage capabilities against global telecommunications companies, bypassing standard cybersecurity defenses.
House Select Committee on the CCP reports that China integrates civilian fishing fleets with military command structures and deploys them as maritime militia for diplomatic, military, and intelligence purposes near China's borders.
ESET researchers identified China-aligned APT group LongNosedGoblin conducting cyberespionage targeting governmental institutions in Southeast Asia and Japan using Group Policy deployment methods.
DOJ and FBI led international operation to remove PlugX malware attributed to China-backed hackers from thousands of infected computers worldwide.
FBI and CISA jointly announced investigation into significant PRC cyber espionage campaign targeting U.S. commercial telecommunications infrastructure.
FBI Director announced disruption of Chinese botnet attributed to Flax Typhoon hacker group and exposure of the group's true identity through international coordination.
FBI Director Wray characterizes PRC government cyber threats to U.S. critical infrastructure as broad, unrelenting, and posing immediate national and economic security risks.
FBI Director Wray testified that Chinese government hackers now target the entire U.S. population, characterizing it as an escalating national security threat requiring increased FBI resources.