BEIJING — China has accused the United States of conducting hundreds of state-sponsored cyberattacks targeting its military-industrial complex, including defense universities, satellite communication enterprises, and weapons research institutes. Chinese officials are warning that these alleged intrusions pose a serious risk to national security and may signal the beginning of a new technological cold war.
The accusations were made public by the Cyber Security Association of China, which unveiled two extensive case studies documenting what it described as US-orchestrated espionage activities. In one case, a prominent defense firm in China was reportedly infiltrated between July 2022 and July 2023. The attackers, cloaked behind IP addresses routed through countries including Germany, South Korea, and Singapore, allegedly hijacked the company’s domain controller, gained access to over 50 internal systems, and extracted confidential correspondence from high-ranking personnel.
In another high-profile breach from late 2024, a Chinese satellite internet enterprise was reportedly compromised via an exploit in its electronic filing system. This operation, too, was traced to foreign IP infrastructure, specifically routed through Romania and the Netherlands, raising concerns of multinational complicity or proxy-state cooperation in US cyber campaigns.
China’s Foreign Ministry spokesman Guo Jiakun condemned the cyber intrusions as “a flagrant act of aggression,” accusing Washington of manipulating global cyber norms while simultaneously operating from behind a veil of digital proxies. “The United States maintains a duplicitous posture—professing cybersecurity leadership while engaging in expansive digital warfare,” Guo told reporters in Beijing, calling on international watchdogs to intervene.
According to Chinese authorities, over 600 separate cyber operations linked to US intelligence agencies have targeted strategic sectors in China during 2024 alone, ranging from aerospace programs to advanced radar research. Officials emphasized that the attacks were not mere reconnaissance but high-level infiltration attempts aimed at exfiltrating design blueprints, testing protocols, and classified military specifications.
These revelations follow similar claims made earlier this year during the Asian Winter Games, where Chinese officials accused the National Security Agency (NSA) of launching “advanced persistent threat” operations during a high-level surveillance sweep in northeastern Heilongjiang province. Local reports alleged that American actors exploited vulnerabilities in Microsoft Windows servers, targeting state infrastructure, transport systems, and defense suppliers while masking their origin using commercial VPNs and international server chains.
China’s disclosures reflect a broader strategic repositioning. While Beijing has long faced accusations from the West over cyberespionage, the recent revelations appear to reverse that narrative, portraying China not as the aggressor but the besieged target of US cyber imperialism. Analysts say this is a deliberate move, intended to galvanize international sympathy and shift geopolitical framing on cyber norms.
Western responses, meanwhile, remain skeptical. While the US has not officially responded to these specific accusations, intelligence agencies and independent analysts have consistently identified China, including groups such as Volt Typhoon and Salt Typhoon, as the most active state-sponsored cyber threat to the United States and its allies. A July 2025 report by Washington-based security firm Recorded Future described Chinese cyber strategy as “global in scale and strategic in ambition,” underscoring its disruptive potential.
Yet Beijing’s latest dossier offers technical depth and forensic precision, including malware traces, server logs, and breach timelines. Whether this will convince the international community remains uncertain, but it underscores how deeply entangled cybersecurity has become in global diplomacy and military strategy.
According to Mehr News, the accusations were publicized through a government-backed cybersecurity bulletin on August 2, 2025, outlining the targeted sectors and operational signatures linking the intrusions to US-based digital espionage networks. The report concludes with an explicit call for global cyber governance reform and demands punitive mechanisms against what it terms “transnational cyber mercenaries” operating under state orders.
China Daily noted that US intelligence agencies had exploited a vulnerability in Microsoft Exchange email servers to infiltrate a major Chinese defense enterprise, gaining control of its domain controller between July 2022 and July 2023 and using it as a foothold to commandeer over 50 internal devices, install data‑stealing malware, and exfiltrate sensitive emails, including military design blueprints and core system parameters from senior-level personnel, with network traffic obfuscated via IP addresses routed through Germany, Finland, South Korea, and Singapore; in a separate incident from July to November 2024, another US‑linked cyber operation targeted a Chinese satellite‑internet firm by penetrating its electronic filing system, leveraging IPs from Romania and the Netherlands to mask origin, as part of more than 600 state‑sponsored advanced persistent threat attacks on Chinese military‑industrial sectors in 2024 alone.
