For a long time, digital power was measured in terms of infrastructure, technology giants or available data volumes. But over the past decade, another component has consolidated in the shadows: the large-scale state organization of hacking. In this field, China has gradually equipped itself with a singular ecosystem that mixes university institutions, supervised competitions, contracted providers, and systematic collection channels for software flaws. The whole forms an apparatus that goes beyond defensive cybersecurity and belongs to a logic of influence, deterrence and, potentially, anticipated military action.
TL;DR – Chinese state hacking: a strategy integrated in the service of power
👥 For whom is it important?
- Cybersecurity managers in government agencies and critical companies
- Political decision-makers confronted with China's digital power
- International intelligence and security experts
- Software industry players and vendors of solutions vulnerable to exploitation
💡 Why is it strategic?
- China has built an offensive ecosystem combining competitions, academic research and contracted providers
- Software flaws discovered during domestic competitions are used for espionage
- State centralization gives Beijing priority access to vulnerabilities before they are patched
- Critical infrastructure abroad is infiltrated without immediate activation
- This cyber-preparation model gives a tactical advantage in the event of a conflict or a crisis
🔧 What it changes concretely
- Hacking becomes a parapublic industry integrated into the national security strategy
- Semi-private service providers carry out intrusions commissioned down to the municipal level
- Democracies face a dilemma between operational efficiency and respect for freedoms
- Western public-private cooperation appears disorganized in the face of a unified system
- International standards on the disclosure of flaws are becoming urgent to preserve a technological balance
Progressive structuring since 2013
The major inflection point dates from Xi Jinping's arrival at the head of the Chinese state in 2013. At that time, the publication of Edward Snowden's documents, revealing the offensive capabilities of the NSA, marked a break in perception. Combined with growing distrust of the political effects of the free Internet, this awareness accelerated the implementation of national programs intended to strengthen the party's technological control.
Between 2015 and 2017, several fundamental reforms were adopted: an overhaul of university cybersecurity training, funding for programs of excellence, and the creation of technical competitions to bring out talent. That talent is then directed to the ministries, companies under state control, or intelligence agencies.
Tianfu Cup, national showcase, operational lever
In 2018, Beijing prohibited Chinese teams from participating in international hacking competitions such as Pwn2Own. Instead, the government launched its own competition, the Tianfu Cup, open to national researchers. The difference is significant: discovered vulnerabilities are not made public, but transmitted to the authorities, which can exploit them for surveillance or espionage. In 2021, several sources revealed that certain flaws discovered in this context had been used to monitor targeted populations, including Uighurs in Xinjiang.
This strategy is based on a centralized and legally supervised approach: since 2021, any company or institution discovering a software flaw is required to report it to the administration within 48 hours. Officially, this measure aims to avoid information leaks. But it also guarantees the government priority access to usable vulnerabilities even before software publishers have corrected them.
When hacking becomes a public market
A turning point occurred with the leak, in 2024, of internal documents from the Chinese company i-Soon, which specializes in cybersecurity. Published on GitHub, these documents reveal exchanges between engineers carrying out intrusions to order. What is surprising, beyond the operations themselves, is how locally rooted these practices are. i-Soon did not act only for national agencies: certain orders came from municipal police stations, revealing a form of capillarity in the public procurement of offensive cybersecurity.
This system is based on semi-private providers to which the State entrusts targeted missions. In some cases, these companies carry out the operation themselves, based on vulnerabilities identified in national competitions or collected via regulatory channels. The link between the state apparatus and the private actors is thus direct, operational, and not very transparent.
Critical infrastructure as target
Over the years, identified actions have moved from conventional political objectives (espionage, surveillance) to infrastructure targets. Electrical networks, water treatment systems, telecoms, electric vehicle charging stations: all these areas have been probed, or even infiltrated, without immediate effect, but with the aim of remaining present and discreet.
This so-called “prepositioning” strategy aims to guarantee China a capacity for action in the event of a crisis. Experts speak of “living off the land” operations: intrusions take place without exotic software, using the tools already available on targeted machines, which makes their detection particularly complex. Several recent cases, notably in Guam, a strategic territory close to Taiwan, suggest an increase in these silent intrusions in the American military and federal ecosystem.
What can democracies do when faced with such a model?
Comparison with the United States shows differences in structure as much as in philosophy. American agencies also collect vulnerabilities, but their use remains compartmentalized, with no regulatory equivalent requiring detected flaws to be transmitted. The competitions are more decentralized, and the link with the state is less direct.
Faced with the effectiveness of the Chinese model, democracies confront a difficulty: how to strengthen their security without adopting the logic of systematic control that they denounce? The response could involve the creation of international standards on the responsible disclosure of vulnerabilities, encouragement of more fluid public-private cooperation, and a targeted strengthening of the means dedicated to the defense of critical infrastructure.
In conclusion
The rise of China in the hacking field is neither spontaneous nor disorderly. It is based on a strategic choice of investment, supervision and integration between the civil, academic and military spheres. This model raises many questions for democratic powers: should we try to imitate it, seek to constrain it through international law, or build another path to resilience? The answer, still uncertain, will shape part of the technological balance of the decades to come.