The Chinese regime’s cyberespionage campaign will likely become more sophisticated in targeting key adversaries in 2025, particularly the United States, experts have warned. The situation calls for collaborative counteroperations among Quad alliance partners—the United States, India, Japan, and Australia. These nations are targeted by Beijing, but several gaps currently impede their collective efforts, analysts said.
In the past several weeks, Chinese Communist Party (CCP) hackers have been in the headlines.
The latest disclosure came on Jan. 8, as Japan linked more than 200 cyberattacks over the past five years to CCP hacking group MirrorFace. Japan detailed the group’s tactics and called on government agencies and businesses to reinforce preventive measures.
Those cyberattacks targeted Japan’s foreign and defense ministries and its space agency. Politicians, journalists, private companies, and think tanks were also attacked.
Early last month, CCP cyberattackers hacked into the U.S. Treasury Department’s workstations remotely and stole documents.
In the breach, described as a “major incident” by the Treasury Department, Chinese regime-backed hackers compromised a third-party software service provider, BeyondTrust, and accessed unclassified documents.
The December incident happened amid cybersecurity breaches by another Beijing-backed hacking group, Salt Typhoon, which has been involved in a cyberespionage campaign since 2022. These attacks have already affected nine telecom companies, including Verizon, AT&T, and Lumen Technologies.
Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, highlighted the geopolitical context of Beijing’s increasing cyberespionage in a Jan. 15 blog post titled “Strengthening America’s Resilience Against the PRC Cyber Threats.”
“A crisis in Asia, precipitated by an invasion of Taiwan or a blockade of the Taiwan Strait, could have very real consequences for the safety and security of American citizens here at home,” Easterly wrote.
Such an invasion, she wrote, could be followed by disruptive attacks against “everything, everywhere, all at once.” Those attacks could hit transportation nodes, telecommunications services, power grids, water facilities, “and likely much more,” she wrote.
According to Easterly, the CCP’s goal in such a campaign would be “inducing societal panic and deterring our ability to marshal military might and citizen will to expend American blood and treasure in defense of Taiwan.”
Neehar Pathare, CEO of 63SATS, a cybersecurity company that stated it has thwarted 20 million attacks on its platforms in the past two decades, told The Epoch Times that state-sponsored attackers often infiltrate systems stealthily, waiting for opportune moments to strike.
According to Pathare, Taiwanese government departments in 2024 faced 2.4 million cyberattacks daily, predominantly from the Chinese regime.
“China’s state-affiliated cyber operations focus on intellectual property theft and strategic espionage, aiming for long-term access,” Pathare said. “Increased investments in cyber ranges and critical infrastructure signal China’s readiness for future disruptions, posing risks to India, the U.S., and Europe.”
He cited the hacking group RedEcho, which was linked to CCP military intelligence and was responsible for targeting India’s power grid after 2020’s bloody Galwan conflict between Indian and Chinese regime troops.
Cyberthreats to Quad Nations
Microsoft’s 2024 Digital Defense Report highlights the need for the Quad nations to come up with robust joint counterespionage operations.
According to the report, “The United States is consistently among the countries most impacted by the nation-state cyber threat activity that Microsoft observes.”
In the Indo-Pacific, India is the third most targeted country, after Taiwan and South Korea. Australia is the sixth most targeted, while Japan is the eighth most targeted.
“This past year, nation-state affiliated threat actors once again demonstrated that cyber operations—whether for espionage, destruction, or influence—play a persistent supporting role in broader geopolitical conflicts,” the report states.
The United States continues to be one of the countries most affected by nation-affiliated cyberattacks.
Easterly wrote that Beijing’s “sophisticated and well-resourced cyber program” is a threat to the United States’ critical infrastructure, including power grids and gas pipelines.
According to the U.S. Cybersecurity and Infrastructure Security Agency, the hackers target 16 critical infrastructure sectors linked with digital infrastructure.
Thirty-three percent of the overall CCP threat activity was aimed at the United States. East Asia and the Pacific received 39 percent of the onslaught, while South Asia received 4 percent, according to the Microsoft report.
Nishakant Ojha, a senior adviser to the Washington-based Global Policy Institute and an expert in cyberaerospace and national securities, told The Epoch Times that the Chinese regime’s Ministry of State Security plays a central role in orchestrating its cyberespionage campaign. It often hires contractors to conduct cyberintrusions.
“Looking ahead to 2025, China’s cyber capabilities are expected to become increasingly sophisticated,” Ojha said. “The integration of artificial intelligence into cyber operations is anticipated to enhance the efficiency and effectiveness of cyber espionage activities.”
He said that innovation in Chinese cybertechnologies will likely create new targets and new startups for developing such technologies.
According to Ojha, the Chinese regime’s military goals for 2025 include enhancing military capabilities, heightening military exercises near Taiwan, cyberwarfare and cyberespionage, strategic military planning, and regional power projection. The aim is to gain military supremacy in the Indo-Pacific and challenge the United States and its partners in the region.
“These developments suggest that by 2025, [China’s military] will be better equipped and more assertive, potentially destabilizing regional security dynamics and increasing the likelihood of military confrontations,” Ojha said. Cyberespionage campaigns will be part and parcel of these confrontations.
Counteroperations by Quad
According to experts, the emerging and heightened geopolitical situation facing the Quad countries requires that they strengthen collective cyber counteroperations.
Pathare cited the Quad’s set of guiding principles aimed at enhancing the development of critical infrastructure cybersecurity, supply chain risk management, software security, and workforce development.
The Quad’s senior cybergroup also announced the continuation of the alliance’s “cyber challenge” in October 2024. The theme of the current challenge is “promoting cybersecurity education and building a strong workforce” in the Indo-Pacific. The challenge was launched last year to “promote responsible cyber habits across [Quad partners’] nations, regions, and beyond,” the State Department stated at the time.
Satoru Nagao, a nonresident fellow at the Washington-based Hudson Institute, told The Epoch Times that cybersecurity comes under the aegis of national security cooperation. While the Quad is not a military alliance, its leaders have emphasized the military aspects of their partnership.
In some areas, military cooperation has also progressed, he said. This obviously has geopolitical undertones.
All four Quad countries are also involved in various military exercises involving each other. Thus, joint cyber counteroperations are feasible and attractive to them, according to the Tokyo-based expert.
“One of the purposes of the Quad is to cooperate with India,” Nagao said. “Because India is the main supplier of software, this area is an attractive area of cooperation for the other three countries with India.”
He said that cybercooperation has wider potential, including for software development, cyberdomain awareness, and cyberwarfare.
The joint statement of the Quad 2024 summit highlights the need for protecting critical infrastructure from increasing cyberthreats.
“We plan to coordinate joint efforts to identify vulnerabilities, protect national security networks, and critical infrastructure networks, and coordinate more closely including on policy responses to significant cyber security incidents affecting the QUAD’s shared priorities,” the joint statement reads.
Nagao said the statement highlights that cybersecurity cooperation is part of the wider matrix of cooperation between Quad nations.
According to Pathare, new rules mandate that attacks be immediately acknowledged and reported. This can help identify threats in a timely manner and enable swift countermeasures.
“Economic penalties and cyber countermeasures should be aligned to deter aggressive state actors effectively,” he said.
Ojha said that despite growing cooperation, several gaps hinder an effective joint counterespionage strategy. These gaps, he said, include a historical lack of trust in intelligence sharing and asymmetric cybercapabilities among the four nations. The United States leads in infrastructure development, while India is still working on its framework.
Other hindering factors include diverging legal and policy frameworks, gaps in resources and technology, and differences in strategic priorities.
“Addressing these bottlenecks requires building mutual trust, harmonizing legal frameworks, closing capability gaps through capacity-building initiatives, and fostering equitable technological collaboration,” Ojha said.
The Associated Press contributed to this report.