Digital Dragon Unleashed: China’s Cyber Warfare on America

By,

The People’s Republic of China (PRC) has emerged as one of the most significant cybersecurity threats to the United States, targeting critical infrastructure, government agencies, private corporations, and small businesses. This threat is characterized by state-sponsored cyber espionage campaigns, intellectual property theft, and pre-positioning for potential disruptive attacks. Below is a brief analysis of why China poses such a threat, supported by statistical data and references.

Scale and Persistence of Chinese Cyber Threats

China is widely recognized as the most active and persistent cyber adversary of the United States. According to the Office of the Director of National Intelligence (ODNI), Chinese state-sponsored actors consistently target U.S. government networks, private sector entities, and critical infrastructure systems.

FBI Director Christopher Wray has also highlighted that the FBI opens a new case to counter Chinese intelligence operations roughly every 12 hours, underscoring the scale of the threat. This assertion reflects the substantial body of evidence documenting China's actions against U.S. public and private sector targets (5).

Some Key Statistics:

80% of economic espionage prosecutions in the U.S. involve activities benefiting China (5).

60% of trade secret theft cases have a nexus to China (5).

Between February 2021 and August 2024, there were over 55 Chinese Communist Party (CCP) related espionage cases across 20 U.S. states (5).

Targeting Critical Infrastructure

Chinese cyber actors have increasingly focused on infiltrating U.S. critical infrastructure sectors, including telecommunications, energy, water systems, and transportation. The Volt Typhoon hacking group, linked to the PRC, has been identified as a key player in these efforts. By using "living off the land" (LOTL) techniques, which leverage legitimate tools already present in IT environments, these actors blend in and evade detection (4).

LOTL techniques are attack strategies in which adversaries abuse legitimate tools and software already present on the target system to carry out malicious activity. They are particularly effective because the activity blends in with normal system operations, which makes detection by traditional security controls difficult. Specific characteristics of LOTL include: (a) use of legitimate tools such as PowerShell; (b) a fileless nature, meaning no new malicious files are installed on the system, with code instead run directly in memory or through existing binaries, leaving minimal traces for forensic analysis; (c) evasion of detection, since the binaries and scripts being abused are already trusted or explicitly allowed on the system, so allowlists and signature-based tools do not flag them; and (d) persistence and lateral movement, where attackers use these techniques to establish persistent access, escalate privileges, and move laterally across networks without raising alarms.

Examples of key incidents that link the PRC to attacks on the U.S.

  • In 2024, Chinese hackers compromised over a dozen major U.S. telecommunications providers, capturing real-time phone call audio and text messages from millions of Americans (1).
  • Volt Typhoon actors have pre-positioned themselves within critical infrastructure networks for at least five years, enabling potential disruptive attacks during crises or conflicts (4).

Volt Typhoon is a sophisticated state-sponsored advanced persistent threat (APT) group associated with the PRC. It has been known to be active since at least mid-2021 and targets critical infrastructure organizations across the United States. Its operations are characterized by stealthy, hands-on-keyboard tactics aimed at espionage and at maintaining access for long-term data exfiltration.

Economic Espionage and Intellectual Property Theft

China’s cyber operations often aim to steal intellectual property (IP) and trade secrets to bolster its economic growth and technological advancement. This has had significant economic repercussions for U.S. businesses and is one of the most damaging activities conducted by China against the U.S.

Some Key Statistics to support this assertion:

  • The theft of trade secrets costs the U.S. economy an estimated $225 billion to $600 billion annually, with China being a primary contributor (5).
  • Industries most targeted by Chinese cyber actors include technology (27%), manufacturing (21%), healthcare (14%), and financial services (12%) (6).

Espionage Beyond Cyberspace

China’s threat extends beyond traditional cyberattacks to include transnational repression schemes and covert surveillance operations on U.S. soil. For example, secret police stations operated by the CCP have been discovered in various U.S. cities, used to monitor and intimidate Chinese dissidents living abroad (15).

Pre-positioning for Disruptive Attacks

Chinese cyber actors are not only engaged in espionage but are also preparing for potential disruptive attacks against U.S. infrastructure during crises or conflicts. This strategy involves infiltrating operational technology (OT) systems that control physical processes in critical sectors. It is alarming and represents an enormous risk to U.S. national security. This is already happening.

Some Key Findings

  • CISA, NSA, and FBI assess with high confidence that PRC actors are pre-positioning themselves for lateral movement within IT networks to disrupt OT functions (4).
  • These activities could lead to widespread service outages affecting millions of Americans, potentially with a direct threat to life.

Geopolitical Motivations

China’s cyber activities are often driven by geopolitical objectives, such as deterring U.S. involvement in Asia or gaining leverage in international negotiations. For instance, cyberattacks have been used as coercive tools during tensions over Taiwan (3), and China’s focus on infiltrating global supply chains highlights its intent to disrupt U.S.-led economic initiatives (3).

Small Businesses as Vulnerable Targets

Small and medium-sized businesses (SMBs) are increasingly targeted by Chinese cyber actors due to their limited cybersecurity capabilities. These SMBs often serve as entry points into larger organizations or critical infrastructure sectors. The situation becomes worse and extremely difficult to deal with because, according to the Small Business Administration (SBA), 99.9% of businesses in the United States are small businesses (9). Note that this statistic is consistent across multiple sources and years, including the most recent data from 2024, which is the figure used as reference here.

To highlight the importance of small businesses to the U.S. economy, note that the SBA defines a “small business” as an independently owned and operated company that is not dominant in its field and has fewer than 1,500 employees, depending on the sector. Additionally, the SBA considers factors such as average annual receipts over the past three years, tangible net worth, and average net income after taxes for the past two years when determining whether a business qualifies as small.

Some Key Insights

  • Many SMBs lack resources for robust cybersecurity defenses, making them attractive targets for nation-state actors like China (2).
  • The cascading risks from compromised SMBs can impact larger organizations and key geographic regions.

Advanced Tactics and Techniques

Chinese cyber actors employ sophisticated tactics that make detection and attribution challenging. These include:

  • “LOTL” techniques: Using legitimate tools like PowerShell and WMI to blend into normal network activity (4).
  • Botnets: The PRC has used botnets to conceal hacking activities targeting critical infrastructure (8).
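The LOTL characteristics described earlier (legitimate tools, fileless execution, allowed binaries) and the PowerShell/WMI abuse listed above are what a defender must detect from process-creation telemetry rather than from file signatures. The following is an added example, not code from the original article or from any cited agency; it applies a few illustrative detection rules to constructed sample records in a simplified key=value form (real telemetry such as Windows event 4688 or Sysmon event 1 carries the same fields).

```python
"""Heuristic detection of living-off-the-land (LOTL) activity in process-creation
events. Constructed sample records; rules are illustrative, not exhaustive."""
import re

# Each rule looks for misuse of legitimate, already-present binaries, not malware signatures.
ENCODED = re.compile(r"-(?:enc|encodedcommand|e)\b", re.I)         # hidden PowerShell payloads
CRADLE = re.compile(r"downloadstring|downloadfile|invoke-expression|\biex\b", re.I)
WMIC_CREATE = re.compile(r"process\s+call\s+create", re.I)           # WMI used to spawn processes
OFFICE = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')                        # key=value or key="..."

def parse_event(line):
    """Parse one constructed key=value record into a dict with lower-cased image names."""
    ev = {k: (q or v) for k, q, v in KV.findall(line)}
    ev["parent"] = ev["parent"].lower()
    ev["image"] = ev["image"].lower()
    return ev

def lotl_findings(ev):
    """Return the names of the rules an event triggers (empty list = not flagged)."""
    hits = []
    if ev["image"] in {"powershell.exe", "pwsh.exe"} and ENCODED.search(ev["cmdline"]):
        hits.append("encoded-powershell")
    if CRADLE.search(ev["cmdline"]):
        hits.append("download-cradle")
    if ev["image"] == "wmic.exe" and WMIC_CREATE.search(ev["cmdline"]):
        hits.append("wmic-process-create")
    if ev["parent"] in OFFICE and ev["image"] in SHELLS:   # Office documents should not launch shells
        hits.append("office-spawns-shell")
    return hits

def scan(lines):
    """Apply the rules to each record; return (host, image, hits) for flagged events only."""
    flagged = []
    for line in lines:
        ev = parse_event(line)
        hits = lotl_findings(ev)
        if hits:
            flagged.append((ev["host"], ev["image"], hits))
    return flagged

# Constructed sample records in a simplified key=value form (not real telemetry).
SAMPLE_EVENTS = [
    'host=ws01 parent=explorer.exe image=powershell.exe cmdline="powershell.exe -File C:\\scripts\\backup.ps1"',
    'host=ws01 parent=winword.exe image=powershell.exe cmdline="powershell -nop -w hidden -enc <base64-placeholder>"',
    'host=srv02 parent=cmd.exe image=wmic.exe cmdline="wmic process call create calc.exe"',
    'host=srv02 parent=services.exe image=svchost.exe cmdline="svchost.exe -k netsvcs"',
]
```

Running `scan(SAMPLE_EVENTS)` flags only the second and third records; the admin script and the service host pass, which is the point: the rules key on how a trusted binary is invoked and by whom, not on the binary itself.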

Policy Implications

The growing threat from China necessitates a robust response from both the public and private sectors in the U.S. Policymakers have called for escalating costs on the CCP through sanctions, trade restrictions, and enhanced cybersecurity measures (1); however, the effectiveness of such measures has not yet been proven.

Some Recommendations to minimize the negative impact of PRC actions:

  • Strengthening public-private partnerships to improve threat intelligence sharing.
  • Investing in advanced cybersecurity technologies like AI-driven threat detection.
  • Imposing diplomatic and economic penalties on China for cyber intrusions.
  • Include the private, public, and academic sectors in the discussion, all at once.

Conclusion

China represents a multifaceted cybersecurity threat to the United States due to its persistent espionage campaigns, targeting of critical infrastructure, intellectual property theft, and preparation for disruptive attacks. The scale of this threat is evident in the statistics: 80% of economic espionage prosecutions benefit China, while industries like technology and manufacturing remain prime targets (1).

Addressing this challenge requires a comprehensive approach involving stronger defenses, international cooperation, and holding China accountable for its actions. As tensions between the two nations continue to rise, understanding and mitigating China’s cyber threats will remain a top priority for U.S. national security.

References

Green, M., & Moolenaar, J. (2024). China attacked US with hackers: We need to hit back hard. Fox News. (1)

Cybersecurity & Infrastructure Security Agency (CISA). (2024). Under the Digital Radar: Defending Against People’s Republic of China’s Nation-State Cyber Threats. (2)

Booz Allen Hamilton (2024). Same Cloak, More Dagger: Decoding How the People’s Republic of China Uses Cyberattacks. (3)

CISA (2024). People’s Republic of China Cyber Threat. Retrieved from cisa.gov (4)

Homeland House Committee (2024). China Threat Snapshot. Retrieved from homeland.house.gov (5)

Statista Research Department (2023). U.S. industries most targeted by Chinese nation-state cyber threats. Retrieved from statista.com (6)

Federal Bureau of Investigation (FBI). (2024). Chinese Government Poses ‘Broad and Unrelenting’ Threat to U.S. Retrieved from fbi.gov (7)

Department of Justice (DOJ). (2024). U.S. Government Disrupts Botnet People’s Republic of China Used. Retrieved from justice.gov (8)

U.S. Census Bureau. (2024, April 29). Small Business Week 2024. https://www.census.gov/library/stories/2024/04/small-business-week-2024.html (9)

Noguerol, L. O. (2025). Leadership in cybersecurity: Sweet talkers’ effect. PageTurner Press and Media (10)