U.S. cyber officials indicate cyber adversaries will no longer be allowed to ‘walk all over’ the United States.
Once considered mainly an economic thief in cyberspace, the Chinese Communist Party (CCP) is now seen by the U.S. military as its top cyberthreat and “pacing adversary,” capable of not only espionage, but also potential sabotage of lifeline systems.
More than a dozen cybersecurity annual reviews and 2025 trend reports sound the alarm on the regime’s increasingly sophisticated cybercapabilities, with one even crowning 2024 as the “inflection point” in Chinese cyberespionage.
The recent large-scale hacks into U.S. critical infrastructure and telecommunications networks that went undetected for months, if not years, seemed a far cry from the unsubtle, brute-force cyberactivity of earlier years and brought new attention to the issue.
The shift on the regime’s part was not sudden, but rather the natural outgrowth of some 30 years of heavy investment in the cybersector.
The United States has also undergone a shift in its understanding of the regime and is now intent on pushing back.
CCP Builds Up Cybersector
In 1996, Kevin Mandia was a special agent at the Air Force Office of Special Investigations when he saw his first Chinese state-sponsored cybercampaign infiltrate “27 or 37 military bases” unencumbered.
It is a story that the cybersecurity executive has shared in many public talks, including one at the RSA Conference in April.
Mandia saw the Marine Corps, Army, Air Force, and Department of Energy breached on day one of the CCP-backed campaign as remote actors gained access via a West Coast university, with legitimate credentials belonging to several former Chinese international students whose accounts were never closed.
It showed the systemic nature of a state-backed campaign, according to Mandia, as division of labor was evident in the hack: One person or team was tasked with the testing of credentials, and another with the exfiltration of data.
The CCP People’s Liberation Army has had cyberunits since the 1990s, whereas it was not until 2009 that the United States established U.S. Cyber Command, or Cybercom, to unify cyberoperations.
The CCP has long considered cyberspace a theater of war, much like land, air, and sea, but early Chinese state-backed cyberactivity against the United States was better understood as economic espionage, something done to bolster Chinese companies with stolen trade secrets.
Even so, it was not until a groundbreaking report published by cybersecurity company Mandiant in 2013 exposed a Chinese hacking group as the People’s Liberation Army’s Unit 61398 that the U.S. private sector took seriously the threat of a foreign nation state at its door. The report, identifying the exact buildings the hackers worked out of and the identities of some members of the unit, detailed how the group had stolen data from 141 companies across 20 industries since 2006.
“We did it to genuinely push the agenda of ‘China’s literally hacking everybody and nobody knows it,’” Mandia, former CEO of Mandiant, said at the RSA Conference.
CCP leader Xi Jinping, whose tenure has been characterized by openly aggressive competition against the United States, stated his intention to have the regime become a superpower in cyberspace a few years after he came to power, in 2015. Official speeches and documents outlined the need to secure cyberpower as a pillar of economic, national, and military security.
The same year, Xi stated the regime’s renewed focus on the CCP’s strategy of “military-civil fusion,” which blurs the lines between technologies for commercial use and for military use, emphasizing the lack of a true private sector in communist China.