The United States is currently experiencing an unprecedented surge in Chinese hacking activity, which U.S. officials and cybersecurity experts attribute to a new, less constrained economic model for cyber offense employed by Beijing. This model moves beyond traditional government-led operations, now involving private Chinese companies that recruit top hackers to discover “zero-day” vulnerabilities in widely used software. These companies then exploit these flaws en masse, selling access to multiple Chinese government customers and other security firms. This “hacking-for-hire” approach vastly increases the number of victims, making it significantly more challenging for U.S. agencies like the FBI to identify key targets and mitigate attacks.
The scale of these attacks has more than doubled from 2023 to 2024, with security firm CrowdStrike reporting over 330 incidents last year, and the trend continuing to climb. Experts like Dakota Cary of SentinelOne describe this period as China’s “golden age of hacking,” noting that while bursts of espionage are typical with new administrations, the current intensity is unique. Moreover, the Chinese government appears undeterred by U.S. indictments and public condemnations, which previously had some deterrent effect. This defiance stems from China’s confidence in cyberspace, a domain where it is willing to accept significant political risk with the U.S.
One of the most concerning aspects of this new strategy is China’s mastery of moving undetected through compromised U.S. networks. By routing their attacks through compromised domestic devices, Chinese hackers make the final connection appear as an ordinary U.S. transmission, bypassing technologies designed to block overseas links and falling outside the purview of the NSA, which is legally restricted from scrutinizing most domestic transmissions. This sophisticated technique further complicates attribution and defense efforts.
Chinese hackers are also increasingly focusing on compromising software and security vendors, as this grants them access to a multitude of customers simultaneously. Once access is gained, they often create new, legitimate-looking email and collaboration accounts to maintain persistence. The intensified hacking strategy was brought to light last year through leaked files from iSoon, a Chinese security contractor that works with the Chinese military and government. These files detailed contracts, targets in various countries, and even pricing for hacking services, further exposing the “hacker-for-hire ecosystem” in China.
Beyond collaboration with private security firms, there is also evidence of occasional collaboration between Chinese government-affiliated groups and criminal organizations. This includes instances where corporate files in the U.S. were encrypted with ransomware, with some security companies reporting ransomware being used by Chinese groups in other countries to create plausible deniability for the government. Despite these accusations, the Chinese Embassy maintains that such claims are “groundless and unreasonable,” and asserts that the U.S. has carried out its own long-term, systematic cyberattacks on China.
Reference: