ArchiveOODA Original

China Keeps U.S. Cyber Operations in the News

In March 2022, the Chinese cybersecurity company Pangu Lab attributed cyber espionage targeting Chinese organization to the United States’ premier signals intelligence agency. The Chinese company Qihoo 360 had done this in 2020 when it attributed hostile cyber activity to the Central Intelligence Agency (APT-C-39). In the past, Beijing appeared content to ride out global accusations of its own malicious cyber activities, issuing official denials and allowing any public furor to recede until the next time new accusations via a cybersecurity vendor report emerged. This strategy has worked, as despite suspicions and indictments, governments continued to engage China willingly despite the 500-pound cyber espionage elephant in the room.

However, recently China has appeared to change its approach, shedding its passivity in favor of defending itself on the global stage, and more than happy to confront its critics. This has been abundantly clear with China becoming very active recently in pointing out alleged U.S. cyber malfeasance. As raised in an earlier OODA Loop article, China has become more assertive in its dealings with the United States, willing to engage Washington over contentious issues in the world of public opinion. Coming on the heels of Pangu Lab’s declassified technical report on National Security Agency (NSA) cyber activities, China’s National Computer Virus Emergency Response Center claimed it had captured an NSA tool dubbed “NOPEN” able to control global Internet equipment and  lurk in a network and access and exfiltrate sensitive information. The tool was also part of the Shadow Brokers leak of alleged NSA tools in 2017.

Additionally, in mid-March 2022, the Cyberspace Administration of China (CAC) said it had been the victim of ongoing attacks since February 2022, originating from U.S.-based IP addresses. These were used to take control of Chinese computers in order to be leveraged against organizations in Belarus, Russia, and Ukraine. While the CAC did not blame the United States government directly, the statement was clearly designed to cast mud against Washington whose ties with Beijing have become increasingly strained over China’s relationship with Russia amid the Ukraine conflict, among other social and economic issues.

Then on March 23, Qihoo 360 again published its findings, accusing the United States’ NSA of stealing a substantial amount of critical data via a long-running cyber espionage campaign using QUANTUM attack tool.  Per the company’s senior executive, the NSA hacking team the company dubs “APT-C-40” has been attacking China’s leading companies, governments, research institutes and infrastructures over the past decade. According to Qihoo 360, the NSA has used quantum technology to execute cyber operations against global Internet users that access popular websites like Facebook, Twitter, YouTube, and Amazon, and even the Chinese social media platforms QQ and Tencent. The NSA did not comment on the accusation.  China’s foreign minister spokesman reiterated this point, publicly calling on the United States to stop hacking out of political interest.

China’s persistence at pointing out U.S. cyber malfeasance comes at a tumultuous time, as Beijing tries to strengthen ties with Washington without sacrificing its commitment to Moscow. There are so many contested areas from China’s potential material and financial assistance to Russia on Ukraine, the looming Taiwan matter, and contentious trade issues between China and the United States. As these issues continue to be ironed out, Beijing finds itself caught between two adversarial global powers, an unenviable position but one that Beijing feels confident to withstand, especially as it patiently waits to see how the Ukraine situation helps or hurts Washington.

The increased alleged exposure of U.S. surreptitious cyber activities against China is less about trying to convince the world that the United States maintains a global surveillance apparatus.  The Edward Snowden leaks blew away any lingering suspicions of this long ago. These Chinese vendor reports are more about sending a message to Washington, letting it know that just because China hasn’t said anything doesn’t mean it hasn’t been monitoring its most clandestine cyber teams operate. The United States isn’t the only country that has the capability to track the most sophisticated threat actors operating in cyberspace, and Beijing is letting the United States know just that.

The United States is trying to pressure China on Ukraine with the threat of “economic consequences” if Beijing doesn’t comply. But this did little to influence China’s behavior in the past, and now that it is arguably in a stronger position, it likely won’t now. That is not to say Beijing will help Russia; it may not, or if it does, just marginally. China is not without its own ability to inflict severe economic retaliation.  But Beijing certainly feels that it is in the driver seat now, and it may be right.  Both Russia and the United States want something from it and so Beijing finds itself being courted by two adversarial suitors. It’s a geopolitical tightrope but if navigated successfully will invariably find China in a stronger position from which to benefit its own strategic interests.

This obviously raises substantial questions, particularly on the global stage as to what China will do, or at least, what is China thinking?  And this is where cyber espionage comes in handy, able to surreptitiously gain access into sensitive networks that might provide insight into what decisions may be made. With these accusations, Beijing has put Washington on notice that it is watching what it does in cyberspace, and by doing so, almost baiting the United States to act.  Should relations trend on the downward spiral, Beijing may continue to ramp up its game, capitalizing on the opportunity to turn the tables on the United States and impose its own cyber sanctions or legal indictments the next time it “catches” Washington. If so, the United States might find itself on the defense as China further closes the gap in the great power competition between the two nations.

Become A Member

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.

You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency


The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

Emilio Iasiello

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.