CHINA is waging a colossal cyber war against the West with waves of dangerous state-sponsored hacking operations sowing carnage, experts warn.
Beijing has built a powerful spy agency of skilled hackers – often called Salt Typhoon – conducting digital espionage and infiltrating critical infrastructure.
The UK and the United States have accused China of a global campaign of “malicious” cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.
Just days ago, Australia’s spy chief said hackers linked to the Chinese government and military are targeting critical infrastructure.
He warned of “unprecedented levels of espionage”.
A number of high-profile attacks are suspected to have been orchestrated by the notorious Salt Typhoon group – a hacking army operating out of China, believed to be run by the very top levels of government.
Their cyber-espionage has been active since at least 2020 – with a massive escalation in activity in 2023, 2024 and continuing through 2025.
The hackers have been behind some of the biggest – and most highly sophisticated – cyber attacks targeting Western countries, including the worst hack in US history.
Last year, US officials said Salt Typhoon hackers targeted the telecom data of top US politicians – including those of Donald Trump, JD Vance and Kamala Harris.
Hackers had accessed the systems of nine American telecoms companies – revealing calls, texts, IP addresses and phone numbers from more than a million users.
Much of the data accessed belonged to “government targets of interest“, former deputy national security adviser Anne Neuberger said at the time.
Leading cybersecurity expert Will Geddes warned: “All these attacks have been traced to companies and individuals that are known to have links with the intelligence agencies within China.”
Identified as a dangerous threat operating on behalf of China’s Ministry of State Security, Mr Geddes revealed that access to critical infrastructure is a “strategic prize” for hostile nations like China.
Gaining such sensitive information could cause widespread chaos in the West – providing China with near real-time visibility into communications.
Hackers could cause “infrastructure halts” or communication blackouts in targeted areas during a conflict – plunging enemies into darkness.
“Why this matters to all of us, and not just those government agencies, is that access to carrier infrastructure is a strategic prize,” Mr Geddes said.
“It can provide near real-time visibility into communications, historical metadata, location information and, in targeted cases, intercepted content.
“That gives a state actor a powerful tool for not only counterintelligence, but political, strategic targeting, and long-term intelligence collection.
“They can also use this information to disrupt networks, and confuse networks, which, as a hostile state actor, could be hugely, hugely beneficial to them if used in conjunction with other means and other methods of attack to a particular country.”
West in crosshairs
Earlier this year, British intelligence authorities for the first time revealed that Chinese state-sponsored hackers were found inside the country’s critical national infrastructure.
GCHQ said the hackers, with links to different Chinese cybersecurity companies, infiltrated governments, telecoms, transport and military infrastructure in the last four years.
US officials said the group have infiltrated more than 200 targets in more than 80 countries – and may have stolen information from nearly every American.
In April this year, the FBI announced a $10million bounty for information on individuals associated with Salt Typhoon.
According to a report by the New York Times, intel chiefs believe it is evidence that China’s capabilities rival those of the United States and its allies.
Mike Burgess, head of the Australian Security Intelligence Organisation (Asio), said authoritarian regimes like China were now more willing to “disrupt and destroy”.
Major cyberattacks linked to China
Ministry of Defence Payroll Hack (2024): Suspected Chinese attack exposing personal/financial data of 270,000 UK armed forces personnel.
Salt Typhoon (2023–Present): Compromised US and UK telecommunications specifically to track high-value individuals and infiltrate lawful wiretap systems.
UK Electoral Commission (2021–2022): Breached UK voter databases, accessing the personal data of 40 million Britons.
APT31 Campaign (2021): Targeted the email accounts of British Members of Parliament (MPs) who were critical of China.
Volt Typhoon (2021–Present): Infiltrated US and UK critical infrastructure (energy, water, transport) to pre-position for future disruptive attacks.
Microsoft Exchange / HAFNIUM (2021): Mass exploitation of email servers affecting 30,000+ organizations globally, including many in the UK.
Equifax Breach (2017): Military hackers stole personal financial data of nearly 150 million Americans.
OPM Hack (2015): Stole sensitive security clearance files of 22 million US federal employees.
Operation Cloud Hopper (2014–2018): Compromised global IT service providers (MSPs) to steal widespread intellectual property from Western companies.
Mr Geddes explained that Beijing has been masterminding all these cyber operations against Western countries to target critical infrastructure for digital espionage.
“Their main objective is counterintelligence,” Mr Geddes added.
Cybersecurity companies in the West believe Salt Typhoon hackers target the servers and routers of major telecommunications and internet companies – as well as critical national infrastructure.
Experts say they exploit known vulnerabilities in firewalls, routers, and VPN products.
And by infiltrating sensitive infrastructure, they can gather vast amounts of user data – ranging from personal messages to top state secrets.
Crucially, accessing critical infrastructure would allow rogue actors to shut down power, water and other assets.
Operating in the shadows
However, the Chinese government very cleverly does not engage directly in these counterattacks – leaving little to no digital footprint that could be traced back to Beijing.
Proxy groups and fake companies are ordered to carry out sophisticated operations so that they are not traced back to the Chinese state – hiding behind a complex web of teams, Mr Geddes explained.
He said: “They will not necessarily originate these attacks out of their own buildings, but through proxies, through entities and companies, which will allow them to present what we would call plausible deniability.”
Mr Geddes said the sophistication of these attacks makes them very hard not to be perceived as state-driven operations by rogue nations.
“In terms of the targets, there have been some commercial and private entities,” he said.
“But the vast majority have been government entities, and again, going through those internet service providers.
“One of the biggest concerns about these attacks is not only that they have targeted multiple agencies and government departments, but many of the United States’ largest telecoms and ISP providers.”
Former Tory leader Iain Duncan Smith previously told The Sun that such cyber attacks are just the tip of the iceberg – with Beijing waging a colossal cyber war on the West.
He said: “This is China – the second largest economy in the world, the second largest military. It plans to take over America.
“They are very significant players now. They want to make sure the world is run in their way of thinking.
“If they can confuse us, make us unsure, disinform us, create division, then that plays well to their plans. China is working constantly to undermine us. This is the reality of what’s happening.
“This is just the beginning of what is essentially a war.”
Are Western countries prepared?
While awareness of the threat has increased dramatically since 2023, most experts and officials agree that critical infrastructure in the West remains highly vulnerable to Chinese cyber attacks.
They say Western nations are actively trying to counter these attacks, but they face significant challenges that limit their effectiveness.
Mr Geddes highlights that intelligence agencies – specifically the FBI and CISA in the US, and GCHQ in the UK – are working “behind the scenes” to discover and remove the malicious exploits used by Salt Typhoon.
GCHQ previously said that China is the agency’s top priority as it “poses a genuine and increasing cyber-risk to the UK”.
Anne Keast-Butler, the agency’s director, accused Beijing of “working with others to try and reshape the world”.
US and allied intelligence agencies are now actively hunting on critical networks to find and remove Chinese hackers before a conflict begins.
The FBI and international partners have launched operations to identify and remove Chinese malware from networks (networks of infected home routers and cameras) that Chinese hackers use to hide their tracks.
Meanwhile, governments are increasingly forcing private companies in critical sectors to meet stricter cybersecurity standards.
