Chinese intelligence activity abroad
The government of China is engaged in espionage overseas, directed through diverse methods via the Ministry of State Security, the United Front Work Department, and People's Liberation Army as well as their numerous front organizations. It is employs a variety of tactics including cyber spying to gain access to sensitive information remotely, signals intelligence, and human intelligence. China is also engaged in industrial espionage aimed at gathering information to bolster its economy, as well as monitoring dissidents abroad such as supporters of the Tibetan independence movement and Uyghurs as well as the Taiwan independence movement, the Hong Kong independence movement, Falun Gong, pro-democracy activists, and other critics of the Chinese Communist Party.
Method of operation
It is believed that Chinese espionage is aimed at the preservation of China's national security through gaining commercial, technological, and military secrets. It is generally believed that Chinese intelligence agencies operate differently from other espionage organizations by employing primarily academics or students who will be in their host country only a short time, rather than spending years cultivating a few high-level sources or double agents. The use of non-traditional intelligence assets is codified in Chinese law. Article 14 of China's 2017 National Intelligence Law mandates that Chinese intelligence agencies "may ask relevant institutions, organizations and citizens to provide necessary support, assistance and cooperation." Honey trapping and kompromat are also common tools of Chinese intelligence services.Much information about the Chinese intelligence services comes from defectors, whom the PRC accuses of lying to promote an anti-PRC agenda. One known exception to this rule is the case of Katrina Leung, who was accused of starting an affair with an FBI agent to gain sensitive documents from him. A U.S. judge dismissed all charges against her due to prosecutorial misconduct.
The United States believes the Chinese military has been developing network technology in recent years in order to perform espionage on other nations. Several cases of computer intrusions suspected of Chinese involvement have been found in various countries including Australia, New Zealand, Canada, France, Germany, the Netherlands, the United Kingdom, India and the United States.
In the aftermath of the Shadow Network computer espionage operation security experts claimed "targeting Tibetan activists is a strong indicator of official Chinese government involvement" since private Chinese hackers pursue economic information only. In 2009, Canadian researchers at the Munk Center for International Studies at the University of Toronto examined the computers at the personal office of the Dalai Lama. Evidence led to the discovery of GhostNet, a large cyber-spy network. Chinese hackers had gained access to computers possessed by government and private organizations in 103 countries, although researchers say there is no conclusive evidence China's government was behind it. Computers penetrated include those of the Dalai Lama, Tibetan exiles, organizations affiliated with the Dalai Lama in India, Brussels, London and New York, embassies, foreign ministries and other government offices, and focus was believed to be on the governments of South Asian and Southeast Asian countries. The same researchers discovered a second cyberspy network in 2010. They were able to see some of the stolen documents which included classified material about Indian missile systems, security in several Indian states, confidential embassy documents about India's relationships in West Africa, Russia and the Middle East, NATO forces travel in Afghanistan, and a years worth of the Dalai Lama's personal email. The "sophisticated" hackers were linked to universities in China. Beijing again denied involvement. In 2019 Chinese hackers posing as New York Times, Amnesty International and other organization's reporters targeted the private office of the Dalai Lama, Tibetan Parliament members, and Tibetan nongovernmental organizations, among others. Facebook and Twitter took down down a large network of Chinese bots that was spreading disinformation about the 2019–20 Hong Kong protests and a months long attack on Hong Kong media companies was traced to Chinese hackers.
Facial recognition and surveillance artificial intelligence technology developed inside China to identify Uyghurs, a Muslim minority, is now used throughout China, and despite security concerns over Chinese involvement in 5G wireless networks, is manufactured and exported worldwide by state owned China National Electronics Import & Export and Huawei to many countries, including Ecuador, Zimbabwe, Uzbekistan, Pakistan, Kenya, the United Arab Emirates, Venezuela, Bolivia, Angola and Germany. American companies and universities such as MIT are partnering with, and Princeton, the Rockefeller Foundation and the California Public Employees' Retirement System are backing, Chinese surveillance and AI start-ups such as Hikvision, SenseTime and Megvii, which sell less expensive versions of Chinese state developed artificial intelligence surveillance systems, although this is being curtailed somewhat due to the companies being declared national security threats and human rights violators by the US, and US-China trade concerns. China invests in American AI startups and is starting to overtake the US in AI investment.
In July 2020, in its annual report, Germany’s domestic intelligence agency, the BfV, warned consumers that personal data they provide to Chinese payment companies or other tech firms such as Tencent, Alibaba and others, could end up in the hands of China’s government.
Intelligence activity worldwide
Africa
Ethiopia
In January 2018, Le Monde reported that the headquarters of the African Union, which had been constructed by the China State Construction Engineering Corporation, had had its computer systems compromised between 2012 and 2017, with data from AU servers being forwarded to Shanghai. The building's computer system was subsequently removed and the AU refused a Chinese offer to configure the replacement system. Le Monde alleged that the AU had then covered up the hack to protect Chinese interests in the continent.China and the African Union have rejected the allegations. Ethiopian Prime Minister Hailemariam Desalegn rejected the French media report, saying that he doesn't believe it. Moussa Faki Mahamat, head of the African Union Commission, said the allegations in the Le Monde's report were false. "These are totally false allegations and I believe that we are completely disregarding them."
Asia
Cambodia
Since at least April 2017, TEMP.Periscope, an advanced persistent threat based in China, has been hacking Cambodian organizations related to the 2018 general election. Targets included the National Election Commission, the Ministry of Interior, the Ministry of Foreign Affairs and International Cooperation, the Senate of Cambodia, and the Ministry of Economy and Finance. The APT engaged in spear phishing against Monovithya Kem of the Cambodia National Rescue Party, sending messages which impersonated the Cambodian League for the Promotion and Defense of Human Rights.Hong Kong
According to Falun Gong media The Epoch Times and Pan-democracy political groups, China has been sending spies into Hong Kong harassing dissents and Falun Gong practitioners. In 2012, according to Oriental Daily, a Chinese security ministry official has been arrested in Hong Kong for suspicion of acting as a double agent for the United States.India
India has quietly informed companies to avoid using Chinese-made telecommunications equipment, fearing that it may have spy capabilities embedded within it. Also, India's intelligence service, Research and Analysis Wing believes that China is using dozens of study centers that it has set up in Nepal near the Indian border in part for the purposes of spying on India.In August 2011 a Chinese research vessel disguised as a fishing trawler was detected off the coast of Little Andaman, collecting data in a geostrategically sensitive region.
The "Luckycat" hacking campaign that targeted Japan and Tibet also targeted India. A Trojan horse was inserted into a Microsoft Word file ostensibly about India's ballistic missile defense program, allowing for the command and control servers to connect and extract information. The attacks were subsequently traced back to a Chinese graduate student from Sichuan and the Chinese government is suspected of planning the attacks.
Chinese hackers linked to the Third Technical Department of the People's Liberation Army have launched extensive and sustained hacking campaigns against the Central Tibetan Administration, based in Dharamshala.
In 2018, PLA Navy deployed a Type 815G ELINT ship in waters off Andaman and Nicobar islands for two weeks, according to a report by Indian intelligence agencies.
In March 2019, Indian intelligence agencies, told news services that China was trying to spy on Indian Naval bases, located in southern India and Integrated Test Range missile testing facility located at Abdul Kalam Island. It was doing this by establishing Chinese business around these areas.
In June 2019, Indian Reconnaissance satellite detected that PLAGF had deployed TARS balloon on strategic bases located in Tibet to gather intelligence on Indian forward bases.
Japan
According to a report by Trend Micro the "Luckycat" hacker group is engaged in cyber-espionage on targets in Japan, India and Tibet. During the 2011 Tōhoku earthquake and tsunami and nuclear meltdowns at Fukushima, the hackers inserted a Trojan virus into PDF attachments to emails being circulated containing information about radiation dosage measurements. Investigation into ownership of the command and control servers by Trend Micro and The New York Times linked the malware to Gu Kaiyuan, through QQ numbers and the alias "scuhkr". Mr. Gu is a former graduate student of the Information Security Institute of Sichuan University in Chengdu and wrote his master's thesis on computer hacking. James A. Lewis of the Center for Strategic and International Studies, believes the attacks were state-sponsored.Kazakhstan
On 19 February 2019, Kazakh counterintelligence officers arrested Konstantin Syroyezhkin, a former KGB agent, in Almaty, on charges of passing classified documents to Chinese spies.The Philippines
President Travis Reese has stated that the Chinese-sponsored Conference Crew, founded in 2016, has engaged in cyber-espionage against the Philippines, targeting diplomatic and national security information.Singapore
, an academic at the Lee Kuan Yew School of Public Policy, was expelled from Singapore, reportedly for working as an agent of influence for Chinese intelligence services.SingHealth medical data was hacked by suspected Chinese hackers around July 2018.
South Korea
claims that two hacker operations tied to the Chinese military, dubbed Tonto Team and Stone Panda/APT10, have attempted to hack the South Korean Ministry of Foreign Affairs and other targets related to the deployment of THAAD.China is reportedly engaged in economic espionage against South Korean technology companies, including Samsung Electronics and SK Hynix.
Sri Lanka
In 2010, Jayalalithaa Jayaram – head of the All India Anna Dravida Munnetra Kazhagam – stated that Chinese workers, working in parts of the country devastated by the Sri Lankan Civil War were infiltrated with Chinese spies on surveillance missions targeted at India.In May 2019, Sri Lankan authorities caught former chief of Military intelligence, for allegedly acting as a Chinese mole and trying to obstruct a probe by Indian and American agencies into the Easter bombings.
Taiwan
The PRC and ROC regularly accuse each other of spying.Presidential aide Wang Jen-ping was found in 2009 to have sold nearly 100 confidential documents to China since 2007; Military intelligence officer Lo Chi-cheng was found to have been acting as a double agent in 2010 for China since 2007; Maj. Gen. Lo Hsien-che, electronic communications and information bureau chief during the administration of former President Chen Shui-bian, has been suspected of selling military secrets to mainland China since 2004.
In 2007 the Ministry of Justice Investigation Bureau stated that 500 gigabyte Maxtor Basics Personal Storage 3200 hard drives produced by Seagate Technology and manufactured in Thailand may have been modified by a Chinese subcontractor and shipped with the Virus.Win32.AutoRun.ah virus. As many as 1,800 drives sold in the Netherlands and Taiwan after August 2007 were reportedly infected with the virus, which scanned for passwords for products such as World of Warcraft and QQ and uploading them to a website in Beijing.
In May 2017, Major Wang Hung-ju, a retired military police officer assigned to the National Security Bureau, was indicted on charges of spying for the People's Republic of China.
Army Major General Hsieh Chia-kang, deputy commander of Matsu Defense Command, has been accused of providing intelligence to China, having been recruited by retired army colonel Hsin Peng-sheng.
Zhou Hongxu, a graduate of National Chengchi University's MBA program, has been accused of attempting to recruit an official from the Ministry of Foreign Affairs for the purposes of providing intelligence to China. Zhou was reportedly instructed by China's Taiwan Affairs Office to enroll in the university in order to make friends and develop a spy ring. Zhou reportedly solicited classified documents, offering trips to Japan and United States dollars in payment.
In January 2018, it was reported that the Taipei District Prosecutors' Office is investigating if classified information regarding the Airborne Special Service Company was passed on to Zhou Hongxu, who was already convicted for violating the National Security Act. In March 2018, a retired colonel was charged with breaching the National Security Act by the Kaohsiung District Prosecutors' Office, which alleged that the colonel shared classified personal information and planned to develop a spy ring in Taiwan. In April 2018, Hung Chin-hsi, a Macau-born businssman, was accused of developing a spy ring in the Ministry of Justice, on behalf of China. Captain Zhen Xiaojiang was convicted in 2015 of recruiting Taiwanese military officers as part of a spy ring on behalf of China, including Army Major-General Hsu Nai-chuan. Zhen sent intelligence regarding Taiwan's radar installations and Dassault Mirage 2000 fighters to China. He was deported to Hong Kong in July 2018.
Economic espionage
The Wall Street Journal reported that Taiwan has been "ground zero" for economic espionage related to integrated circuit fabrication. In a review of ten prosecutions for technology-related thefts in Taiwan, WSJ found that nine of those cases involved technology transfer to China. An employee of Nanya Technology Corp. allegedly stole designs for dynamic random-access memory on behalf of Tsinghua Holdings. Hsu Chih-Peng, an engineer for Taiwan Semiconductor Manufacturing Co., allegedly stole microchip designs after being solicited by the Chinese government-owned Shanghai Huali Microelectronics Coration.According to Taiwanese prosecutors, engineer Wang Yongming engaged in espionage to steal Micron Technology microchip designs via the Taiwanese company UMC. Micron alleges that UMC hired Micron's engineers, asking them to steal files on advanced memory chips. The files Wang allegedly stole were said to be production secrets, including testing procedures related to metallization, and the DR25nmS design protocol.
Vietnam
According to the security research firm FireEye, Chinese hackers are suspected of targeting Vietnamese government and corporate targets. The hacking group, designated Conimes, phished the targets and delivered malware via a pre-2012 version of Microsoft Word.Europe
According to the cyber-security firm Area 1, hackers working for the People's Liberation Army Strategic Support Force compromised the COREU network used for communication by the European Union, allowing for the theft of thousands of low-classified documents and diplomatic cables.In 2019, According to a report released by European External Action Service. There were an estimated 250 Chinese MSS spies operating in capital of European Union.
Belgium
Justice Minister Jo Vandeurzen accused the Chinese government of electronic espionage against the government of Belgium, while Foreign Minister Karel De Gucht informed the Belgian Federal Parliament that his ministry was hacked by Chinese agents. The espionage is possibly linked to Belgium hosting the headquarters of NATO and the European Union.The Katholieke Universiteit Leuven in Leuven was also believed to be the center for a group of Chinese students in Europe conducting industrial espionage, operating under a front organization called the Chinese Students' and Scholars' Association of Leuven. In 2005 a leading figure of the Association defected to Belgium, providing information to the Sûreté de l’Etat on hundreds of spies engaged in economic espionage across Europe. The group had no obvious links to Chinese diplomats and was focused on getting moles into laboratories and universities in the Netherlands, Britain, Germany, France and Belgium. The People's Daily, an organ of the Central Committee of the Communist Party of China, dismissed the reports as fabrications triggered by fears of China's economic development.
In February 2019, a report was released by European External Action Service which estimated that there were 250 Chinese MSS spies operating in Brussels, the capital of European Union.
Finland
According to the security research firm F5, Chinese hackers launched widespread attacks against Finnish Internet of things computers prior to the 2018 Russia–United States summit in Helsinki.France
There have been several incidents of suspected Chinese spies in France. This includes Shi Pei Pu, a Chinese opera singer from Beijing who convinced a French diplomat that he was a woman, and spied on France.French media also portrayed Li Li Whuang, a 22-year-old Chinese intern at car parts maker Valeo, as an industrial spy. Both the French prosecution and Valeo refuted media claims of spying and the case was later considered to be a psychosis. Li Li was ultimately convicted of violating the confidentiality clause of her contract and served two months in prison, but was allowed to continue her doctoral studies at the University of Technology of Compiègne.
Two French intelligence operatives, identified only as Henri M and Pierre-Marie H, were accused of communicating classified information to China. Henri M was reportedly the Beijing station chief for the Directorate-General for External Security.
According to reporting by Le Figaro, the General Directorate for Internal Security and Directorate-General for External Security believe that Chinese spies have used LinkedIn to target thousands of business and government officials as potential sources of information.
Germany
According to reporting in Süddeutsche Zeitung, China has been soliciting information from members of the Bundestag, including offering €30,000 for insider information from one parliamentarian.Between August and September 2007 Chinese hackers were suspected of using Trojan horse spyware on various government computers, including those of the Chancellory, the Ministry of Economics and Technology, and the Ministry of Education and Research. Germans officials believe Trojan viruses were inserted in Microsoft Word and PowerPoint files, and approximately 160 gigabytes of data were siphoned to Canton, Lanzhou and Beijing via South Korea, on instructions from the People's Liberation Army.
The Federal Ministry of the Interior estimates that Chinese economic espionage could be costing Germany between 20 and 50 billion euros annually. Spies are reportedly targeting mid- and small-scale companies that do not have as strong security regimens as larger corporations. Berthold Stoppelkamp, head of the Working Group for Economic Security, stated that German companies had a poor security culture making espionage easier, exacerbated by the absence of a "strong, centralized" police command. Walter Opfermann, a counter-intelligence expert for the state of Baden-Württemberg, claimed that China is using extremely sophisticated electronic attacks capable of endangering portions of critical German infrastructure, having gathered sensitive information through techniques such as phone hacking and Trojan emails. In November 2018, German prosecutors in Cologne charged a former employee of Lanxess for engaging in industrial espionage on behalf of a Chinese copycat company.
Germany suspects China of spying both on German corporations and on Uyghur expatriates living in the country. In 2011, a 64-year-old German man was charged with spying on Uyghurs in Munich between April 2008 and October 2009. Munich is a center for expatriate Uyghurs, and in November 2009 members of the Federal Criminal Police Office arrested four Chinese nationals on charges of spying on Uyghurs. In 2007 Chinese diplomat Ji Wumin left Germany after being observed meeting with individuals engaged in surveillance of Munich Uyghurs, and German investigators suspect China is coordinating espionage activities out of its :File:Chinese consulate in Munich.JPG|Munich consulate in the Neuhausen district.
In 2017, the Federal Office for the Protection of the Constitution published information alleging that Chinese intelligence services had created fake social media profiles on sites such as LinkedIn, using them to gather information on German politicians and government officials. The Verfassungsschutz had previously warned that Chinese intelligence officers are making use of social networking sites such as LinkedIn and XING to recruit informants. Lu Kang of the Ministry of Foreign Affairs denied the allegations.
Lithuania
Lithuanian intelligence agencies have claimed that China is engaged in an "increasingly aggressive" campaign of espionage, which includes "attempts to recruit Lithuanian citizens". Darius Jauniskis, Director of the State Security Department of Lithuania, has cautioned against a potential threat posed by Huawei telecommunications equipment.Norway
Hackers working as part of APT 10, on behalf of the Chinese government, hacked Norwegian business software provider Visma, reportedly to gain access to the information on the company's customers. Beginning on 30 August 2018, APT10 used a malware program dubbed Trochilus and accessed a backdoor, and then proceeded to use WinRAR and cURL to exfiltrate data from Visma to a Dropbox account.Poland
In May 2009, Stefan Zielonka, a Polish cipher officer working for the Military Information Services, disappeared. He is suspected of providing the Chinese or Russian governments with Polish and NATO cryptography information. Zielonka's body was later retrieved from the Vistula river, although investigators remain uncertain as to whether Zielonka was attempting to defect or committed suicide, or whether the body retrieved actually was Zielonka's.In April 2018, a former member of the Parliament of Poland for Samoobrona, Mateusz Piskorski, was charged with espionage on behalf of Russia and China.
In January 2019, the Huawei sales director for Poland, identified as Weijing Wang was arrested, along with a former senior agent of the Agencja Bezpieczeństwa Wewnętrznego named Piotr Durbajlo, on suspicion of espionage. Wang was educated at the Beijing Foreign Studies University and studied Polish in Łódź, and subsequently worked as a cultural attaché at the Chinese consulate in Gdańsk. Wang joined Huawei's Enterprise Business Group in 2017. Durbajlo worked at the Military University of Technology, working on telecommunications security projects. After retiring from the ISA, he began working as a consultant for Orange Polska.
Russia
In December 2007, Igor Reshetin, the Chief Executive of Tsniimash-Export, and three researchers were sentenced to prison for passing on dual-purpose technology to the Chinese. Analysts speculated that the leaked technology could help China develop improved missiles and accelerate the Chinese space program. In September 2010, the Russian Federal Security Service detained two scientists working at the Baltic State Technical University in Saint Petersburg. The two are charged with passing on classified information to China, possibly through the Harbin Engineering University.In February 2020, the FSB detained Dr. Valery Mitko, President of Russia's Arctic Academy of Sciences, on charges of providing classified information related to underwater detection of submarines to Chinese intelligence operatives.
Switzerland
According to reports in Neue Zürcher Zeitung, Chinese intelligence services have attempted to recruit Swiss university staff and researchers using LinkedIn.Sweden
Babur Maihesuti, a Chinese Uyghur who became a Swedish citizen was arrested for spying on the Uyghur refugee communities in Sweden, Norway, Germany and the United States, and ultimately sentenced for illegal espionage activity. In April 2018 Sweden charged Dorjee Gyantsan, a 49-year-old Tibetan refugee, with spying on Tibetan dissidents and refugees in Sweden between July 2015 and February 2017. Gyantsan is accused of collecting information on Tibetan refugees in Sweden, and then passing that information on to Chinese officials in Finland and Poland. Gyantsan was arrested upon returning from Warsaw, carrying $6,000 in cash.United Kingdom
UK officials, including experts at its MI5 intelligence agency, are fearful that China could shut down businesses in the nation with Chinese cyberattacks and spy equipment embedded in computer and telecommunications equipment. MI5 has reportedly monitored Chinese espionage against Rio Tinto Group computers.According to Robert Hannigan, former Director of the Government Communications Headquarters, Chinese hackers have engaged in economic espionage against British universities and engineering companies, on behalf of the Chinese government.
North America
Canada
Newspapers have estimated that China may have up to 1,000 spies in Canada. The head of the Canadian Security Intelligence Service Richard Fadden in a television interview was assumed to have implied that various Canadian politicians at provincial and municipal levels had ties to Chinese intelligence. In an interview, he claimed that some politicians were under the influence of a foreign government, but he withdrew the statement a few days later. It was assumed by Chinese groups in Canada, and others, that he was referring to China because in the same interview he stressed the high level of Chinese spying in Canada, however Fadden did not say specifically which country these politicians were under the influence of. His statement was withdrawn a few days later.In 2005, Canadian businessman Joe Wang stated his belief that threatening letters he received after broadcasting programs about alleged human rights abuses in China were from the Chinese consulate; one of the envelopes contained boric acid.
In 2012 Mark Bourrie, an Ottawa-based freelance journalist, stated that the State Council-run Xinhua News Agency asked him to collect information on the Dalai Lama through their Ottawa bureau chief, Dacheng Zhang, by exploiting his journalistic access to the Parliament of Canada. Bourrie stated that he was asked to write for Xinhua in 2009 and sought advice from the Canadian Security Intelligence Service, but was ignored. Bourrie was asked to collect information on the Sixth World Parliamentarians' Convention on Tibet at the Ottawa Convention Centre, although Xinhua had no intention of writing a story on the proceedings. Bourrie stated that at that point "We were there under false pretenses, pretending to be journalists but acting as government agents." Xinhua collects extensive information on Tibetan and Falun Gong dissidents in Canada, and is accused of being engaged in espionage by Chinese defector Chen Yonglin and Reporters Without Borders.
On 1 December 2013, Lloyd's Register employee Qing Quentin Huang was arrested and charged with violating the Security of Information Act, for allegedly communicating classified information on the federal shipbuilding strategy to China. Huang reportedly contacted the Chinese Embassy in Ottawa in an attempt to pass on secrets, which was detected by the Canadian Security Intelligence Service, who in turn alerted the Royal Canadian Mounted Police.
Between 2006 and 2010 Yang Wang, a Chinese immigrant to Canada, admitted to providing intelligence to the Ministry of State Security, including on the activities of Falun Gong.
Around June 2014, the National Research Council was reportedly penetrated by Chinese state-sponsored hackers.
United States
China is suspected of having a long history of espionage in the United States against military and industrial secrets, often resorting to direct espionage, exploitation of commercial entities, and a network of scientific, academic, and business contacts. Several U.S. citizens have been convicted for spying for China. Naturalized citizen Dongfan Chung, an engineer working with Boeing, was the first person convicted under the Economic Espionage Act of 1996. Chung is suspected of having passed on classified information on designs including the Delta IV rocket, F-15 Eagle, B-52 Stratofortress and the CH-46 and CH-47 helicopters.The U.S. Department of Justice investigation into the fund-raising activities had uncovered evidence that Chinese agents sought to direct contributions from foreign sources to the Democratic National Committee before the 1996 presidential campaign. The Chinese embassy in Washington, D.C. was used for coordinating contributions to the DNC.
China's espionage and cyberattacks against the US government and business organizations are a major concern, according to the seventh annual report to the US Congress of the U.S.-China Economic and Security Review Commission. "Although attribution is a problem in cyber attacks, the scale and coordination of the attacks strongly indicates Chinese state involvement," said commission vice chairman Larry Wortzel. "In addition to harming U.S. interests, Chinese human and cyber espionage activities provide China with a method for leaping forward in economic, technological, and military development." The report cited that the number of cyberattacks from China against the US Department of Defense computer systems had grown from 43,880 in 2007 to 54,640 in 2008, a nearly 20 percent increase. Reuters reported that the Commission found that the Chinese government has placed many of its computer network responsibilities under the direction of the People's Liberation Army, and was using the data mostly for military purposes. In response, China slammed the report as "full of prejudice," and warning it could damage China-US relations. "We advise this so-called commission not to always view China through tinted glasses," Foreign Ministry spokesman Qin Gang said.
In 2008 the Chinese government was accused of secretly copying information from the laptop of Commerce Secretary Carlos Gutierrez during a trade mission to Beijing in order to gain information on American corporations. The allegations were subsequently dismissed by Qin Gang, a spokesman for the Ministry of Foreign Affairs of the People's Republic of China.
In November 2005 the United States arrested four people in Los Angeles on suspicion of being involved in a Chinese spy ring.
Taiwanese-American scientist Wen Ho Lee was accused and investigated on the grounds of espionage in 1999 but was acquitted of all charges except for mishandling classified data.
In response to these and other reports of cyberattacks by China against the United States, Amitai Etzioni of the Institute for Communitarian Policy Studies has suggested that the United States and China should agree to a policy of mutually assured restraint with respect to cyberspace. This would involve allowing both states to take the measures they deem necessary for their self-defense while simultaneously agreeing to refrain from taking offensive steps; it would also entail vetting these commitments.
In June 2015, the United States Office of Personnel Management announced that it had been the target of a data breach targeting the records of as many as four million people. Later, FBI Director James Comey put the number at 18 million. The Washington Post has reported that the attack originated in China, citing unnamed government officials. James Comey said: "It is a very big deal from a national security perspective and from a counterintelligence perspective. It's a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government."
The Voice of America reported in April 2020 that "U.S. intelligence agencies concluded the Chinese hackers meddled in both the 2016 and 2018 elections" and "Internet security researchers say there have already been signs that China-allied hackers have engaged in so-called "spear-phishing" attacks on American political targets" ahead of the 2020 United States elections.
In 2019, two Chinese nationals were indicted for the Anthem medical data breach. About 80 million company records were hacked, stoking fears that the stolen data could be used for identity theft. In February 2020, the United States government indicted members of China's PLA for hacking into Equifax and plundering sensitive data as part of a massive heist that also included stealing trade secrets. Private records of more than 145 million Americans were compromised in the 2017 Equifax data breach.
In July 2020, FBI Director Christopher A. Wray called China the "greatest long-term threat" to the United States. He said that "the FBI is now opening a new China-related counterintelligence case every 10 hours. Of the nearly 5,000 active counterintelligence cases currently under way across the country, almost half are related to China."
Oceania
Australia
Former Department of Defence Secretary Dennis Richardson has stated that China is engaged in extensive espionage against Australia, and included surveillance of Chinese Australian communities. Australia believes that the Chinese government have been spying on Australian businesses. A male Chinese student from Fujian was granted a protection visa by the Refugee Review Tribunal of Australia after revealing that he had been instructed to spy on Australian targets in exchange for an overseas scholarship, reporting to the Ministry of State Security. Reported targets included Chinese students with anti-Communist sentiments and Falun Gong practitioners.Nicola Roxon, the Attorney-General of Australia, blocked the Shenzhen-based corporation Huawei from seeking a supply contract for the National Broadband Network, on the advice of the Australian Security Intelligence Organisation. The Australian government feared Huawei would provide backdoor access for Chinese cyber espionage.
The Chinese government is suspected of orchestrating an attack on the email network used by the Parliament of Australia, allowing unauthorized access to thousands of emails and compromising the computers of several senior Australian politicians including Prime Minister Julia Gillard, Foreign Minister Kevin Rudd, and Minister of Defense Stephen Smith.
Sheri Yan and Roger Uren were investigated by the Australian Security Intelligence Organisation on suspicion of spying for China. Oren, former Assistant Secretary responsible for the Asia section of the Office of National Assessments, was found to have removed documents pertaining to Chinese intelligence operations in Australia, and kept them in his apartment. Yan was suspected of undertaking influence operations on behalf of the Chinese Communist Party, and introducing Colonel Liu Chaoying, a military intelligence officer, to Australian contacts.
Hackers either working for or on behalf of the government of China are suspected as being responsible for a cyber-espionage attack against an Australian defense company. Designated APT Alf by the Australian Signals Directorate, the hackers stole approximately 30 gigabytes of data on projects including the F-35 Joint Strike Fighter, the P-8 Poseidon, the C-130 Hercules and the Joint Direct Attack Munition. APT Alf used a remote access tool dubbed "China Chopper".
In 2017, Chinese hackers infiltrated the computers of Australian National University, potentially compromising national security research conducted at the university. In 2015, Chinese hackers infiltrated the Bureau of Meteorology.