- The Washington Times - Monday, September 29, 2025

China’s aggressive and technically advanced cyberattacks, electronic espionage and information operations are strategic weapons targeting the United States, according to a major study by an intelligence contractor made public Monday.

The United States must urgently confront these operations through modernizing cyber defenses and countering Beijing’s targeting of infrastructure and use of deception and diplomacy in information and influence activities, the report by Booz Allen Hamilton, Inc., warns.

Increasingly successful information operations and global cyber activities are growing in both sophistication and capability through the use of artificial intelligence, a key tool now being used by both Chinese intelligence services and the Chinese Communist Party’s military, the People’s Liberation Army, the report states.



“They are a tool of statecraft, applied systematically with other elements of national power to weaken adversaries’ decision-making ecosystems, constrain their operational flexibility, and pre-condition the outcomes of future geopolitical contests,” the report said.

These sophisticated cyber and information operations ultimately are subverting the United States and its alliances.

“Beijing is targeting the backbone of the U.S. alliance system, recognizing both its enduring strategic importance and its growing vulnerability,” the report said.

“PRC operations prioritize embedding technical and political access into decision-making ecosystems, shaping elite discourse, and eroding cohesion from within.”

If left unchallenged, Chinese operations will result in a hollowing out of allied coordination, delaying responses during crises, and producing alliance relations that are slower, more divided and less capable of responding to China’s geopolitical ambitions.

The 250-page report, “Breaking Through: How to Predict, Prevent, and Prevail over the PRC Cyber Threat,” was made public Monday.

The study urges the United States and its allies to reclaim the initiative and act urgently to expose, contest, and dislodge Chinese cyber advantages before they solidify into “structural dominance.”

Greater efforts are needed to track and identify Chinese operations, expose and dismantle Chinese covert online information networks and harden security domestically and internationally, the report said.

“The window to act is narrowing. But with deliberate strategy and sustained investment, the U.S. can blunt Beijing’s advances, reclaim operational advantage, and reset the terms of long-term competition,” the report said.

Based on a review of 350 reports of Chinese cyber operations since 2022, the report identified four major factors driving strategic cyberattacks.

“Beijing is weaponizing trusted relations,” the report said, noting Chinese hackers’ ability to compromise secure relations between software platforms and users, vendors and clients, and administrators and networks.

“By embedding themselves into these relationships—whether through stolen credentials, hijacked update channels, or vendor compromise—[People’s Republic of China] actors gain scalable, persistent access that bypasses traditional defenses,” the report said.

A damaging example involved a group of Chinese military hackers who breached Boeing’s computer systems in 2009 and stole 85,000 files, including details of the military’s C-17 transport.

Court documents in the case against one of the hackers included an email sent by the hackers to senior officials in Beijing bragging that the cyber theft cost around $400,000 but provided $40 billion worth of taxpayer-funded research and development used to build hundreds of the PLA’s Y-20 transports, a copy of the C-17 and a strategic power projection tool.

The Booz Allen report said a key example of Chinese cyber power was the operation in late 2024 dubbed Silk Typhoon. A group of state-run hackers used zero-day software vulnerabilities to penetrate multiple U.S. government networks, including the Treasury Department’s Office of Foreign Assets Control, through a contractor.

The group used similar tactics to breach networks of U.S. state and local governments and information technology companies. The break-ins allowed access to data used by law enforcement probes and government policy related to Beijing’s interests, the report said.

In recent years, the Chinese intelligence services have begun using artificial intelligence to increase cyber and information attack capabilities.

“AI is turbocharging the scale, tempo, and targeting of PRC cyber and information operations,” the report said.

The advanced computing capability is allowing Beijing to overcome constraints caused by language barriers, improve attack analyses, and scale up its forces’ cyber strikes.

“Even in its early stages, AI is changing how the PRC collects intelligence, targets operations, and shapes global narratives, aligning with Beijing’s ‘intelligentized’ warfare doctrine that prioritizes data-driven decision-making and information dominance,” the report said.

The use of these tools is eroding America’s strategic advantage by providing Chinese intelligence agencies and the military with more effective surveillance, exploitation and influence activities. AI-powered cyberattacks also allow for long-term access with fewer warning signs.

“PRC actors can now act earlier, move faster and hide more effectively,” the report said, speeding up cyber campaigns, reducing defenders’ decision time and complicating the ability to trace the origin of the attacks.

The advantages have made it increasingly difficult for the United States and its allies to coordinate responses, act decisively and prevent an escalation of crises or conflicts.

China’s military regards AI as central to the use of cognitive warfare and information dominance.

“PLA doctrine describes AI as essential to shaping adversary decision-making, degrading social cohesion, and asserting ‘discourse power’ abroad,” the report said.

Information warfare powered by AI is viewed by the PLA as a major tool for influencing both wartime and peacetime strategic competition. It is also being used to manipulate public perceptions, destabilize adversaries and expand the Chinese Communist Party’s ability to control geopolitical issues.

For example, in late 2024, a Chinese hacker group used ChatGPT to produce anti-U.S. articles in Spanish that were published in mainstream media in Latin America. OpenAI said the activity was the first confirmed use of planting AI-generated content in traditional media.

Another new tool used by Beijing is disguising its state-directed cyberattacks as financially motivated cybercrime. The cybercrimes are in fact espionage, disruption operations and “coercive signaling,” the report said. An example is a global phishing campaign by the Chinese state-run cyber group known as APT41 that used traditional cybercriminal delivery tactics for state-run espionage.

In that case, the group used emails that posed as tax authorities to target aerospace, insurance, chemicals and manufacturing sectors — all key strategic espionage targets.

Authorities in Beijing also have conducted sophisticated deception and denial activities to divert attention from their cyberattacks, the report said.

Regionally, China is undermining American agility and escalation control in East Asia through cyber operations and information warfare.

Key activities include operations to undermine U.S. support for Taiwan, aggressive activities against U.S. allies in the South China Sea and against Japan.

China is working to expand its influence and shape the regional order on its terms.

“Cyber and information operations are its principal tools, avoiding direct confrontation while enabling access to infrastructure, influence over political ecosystems, access to intellectual property and erosion of adversary cohesion,” the report said.

Chinese cyber and information attacks are seeking to reduce the ability of U.S.-aligned nations to respond quickly or cohesively to strategic pressure.

The game plan for Taiwan calls for degrading public resistance to a Chinese takeover and prepositioning tools that will allow for disrupting infrastructure.

For the Philippines and Vietnam, Chinese campaigns involve shaping the behavior of elites on maritime disputes.

Operations against Japan target high-value technology and networks involved in alliance coordination and defense logistics.

“These activities form a deliberate strategy of environmental shaping, designed to exploit peacetime access, strain political alignment and build leverage for use in future regional conflicts,” the report said.

China’s other key method has been to use sophisticated hackers who extensively target what the report called “network edge infrastructure” — network routers, virtual private network appliances and firewalls to gain access to internal networks from the public internet.

These security holes remain exposed and poorly monitored and can provide Chinese hackers with access to credentials, information and communication traffic outside of security monitoring.

“Beijing has emerged as the global leader in zero-day exploitation targeting network edge devices,” the report said.

Beginning in 2021, Chinese hackers sharply stepped up zero-day attacks, with 85% of the known vulnerabilities exploited involving the penetration of firewalls, VPNs and routers.

Attacks include a 2022 operation by three Chinese groups that hit Tibetan organizations and a government department involved in China’s program in the developing world called the Belt and Road Initiative that involved debt negotiations.

In late 2022 and 2023, Chinese hackers used an unknown software vulnerability to compromise over 20,000 computer networks around the world. The victims included governments, international organizations, and defense contractors.

“A national response must match the scale and structure of the threat,” the report concluded. “That means modernizing cyber defenses to prioritize edge access and vendor risk, contesting attribution with speed and credibility, and aligning regional strategies to counter PRC leverage across infrastructure, diplomacy, and influence.”

• Bill Gertz can be reached at bgertz@washingtontimes.com.

Copyright © 2025 The Washington Times, LLC.