ArchiveOODA OriginalSecurity and Resiliency

Increasing China’s U.S. Cyber Espionage Allegations Support Internet Governance Aspirations

Recently, Chinese media has published articles about a report provided by Burmese-based Anzer, a cybersecurity company that detailed alleged U.S. military and government agencies efforts to remotely steal more than 97 billion pieces of global Internet data, and 124 billion phone records in the last 30 days.  The report specifically details the suspected involvement of the National Security Agency’s Tailored Access Operations (TAO), an elite cyber group believed to be involved of some of the United States’ more surreptitious cyber activity. Anzer’s report supposedly revealed another weapon platform – “boundless informant” – a tool that allows for big data summary analysis and visualization. At this time, attempts to acquire this report have not been successful, and it information pertaining to it has been made available through news sources, many of them English versions of Chinese outlets, and even mentioned in China’s Foreign Ministry spokesman’s press conference remarks.

The report comes on the heels of other, albeit primarily Chinese, cybersecurity vendor reporting that has attempted to expose U.S. hostile cyber activities that have sought to surveil and collect information on targets.  In March 2022 and in 2020, two Chinese companies and a Chinese government agency made similar claims, publishing material that they claimed tied the United States to ongoing global cyber espionage activity. The reports pulled no punches, specifically identifying the United States and its agencies as being the perpetrators.  It was clear that Beijing had its fill of enduring years of being publicly called out for its pervasive and illicit sensitive data and intelligence collection operations.

However, unlike the previous reporting, this latest Anzer report has taken a step further in attributing this data collection not to just a government, but a specific entity within the U.S. most sophisticated and advanced technical collection intelligence agency.  While earlier reports alluded to U.S. intelligence and even Edward Snowden’s exposure of purported internal NSA documentation, Anzer’s report profiled TAO, citing the size of its diversely skilled workforce as well as intimating TAO’s importance to offensive U.S. cyber operations, and intimating that U.S. hardware and software companies are involved with U.S. cyber weapon development. For China, the culmination of cybersecurity company reporting reinforces its supposition that the United States, and not China, is the global problem when it comes to illegal data theft.

Critics of these reports state that the information provided is not new and has been cobbled from other already published or publicly accessible sources. While this may or may not be true, there is little doubt as to the stalwart capability of the United States as a cyber power, either to exploit targets or cause more disruptive and/or destructive results.  Therefore, there must be a deeper reason for such reporting to be continued to be published and promoted by Chinese media.  If it’s not to increase situational awareness and improve the cyber security practices of organizations, then there must be some intrinsic value in attributing these activities to the United States.

Cyber activities do not happen in a vacuum and are generally not conducted without a larger purpose in mind whether that be intelligence collection, data theft, propaganda/disinformation, or to gain some political advantage in exposing them to a global audience.  For example, once several U.S. cybersecurity vendors started publicly tying the Chinese government to cyber espionage (starting with APT 1 report published in 2013) in the hopes of naming and shaming Beijing to change their behavior, and ongoing effort that may have influenced the United States and China to sign their short lived, and  ultimately unsuccessful, no-hack pact for commercial advantage in 2015.  The agreement abated activity temporarily, with Chinese cyber espionage ramping up shortly thereafter.

However, when it comes to public attribution, governments must think there is some political advantage to publicly attributing these activities to an offending government.  Dovetailing with the consecutive reports of U.S. hostile cyber activities, Chinese press has pressed U.S. culpability in this area, calling it the gravest threat to global cybersecurity and citing the perils of digital hegemony practiced by the United States.  Building on this, the Chinese press has even intimated that the Western intelligence of Australia, Canada, New Zealand, United Kingdom, and the United States known as the Five Eyes benefit from these alleged U.S. cyber operations to fabricate evidence against China in order to tarnish Beijing’s public perception and reduce its influence and rise as a global power.

China’s aggressive campaigns to turn the tables on the Washington comes at a time when the global community may not perceive the United States as strong as it has in the past, and U.S. foreign policy has been marred by jarring discontinuities, calling into question its stature as the global leader.  Complicating the U.S. condition are internal strife in the forms an ongoing border crisis, social protests, a public politically at odds with one another,  a haphazard Afghanistan withdrawal, and plummeting approval ratings for the U.S. president have helped shape the perception that the United States is weak.  This has escalated to the point where friendly foreign governments have ignored the U.S. president’s calls, and critical Central American partners in addressing illegal immigration like Mexico, Guatemala, Honduras boycotted a recent America’s summit hosted by the United States.

Beijing clearly is taking advantage of this moment to continue to chip away at the United States’ image by keeping attention on Washington’s surreptitious cyber activities. Whereas naming and shaming an authoritarian regime may not be a surprise, the same against a country promoting democratic principles is another matter. And while currently, China is primarily leading the charge in shining the light on U.S. cyber malfeasance, continued degradation of U.S. standing in the world may solicit support from other outlets that may capitalize on the opportunity should this crusade gain momentum.  Such media warfare activities are designed to influence international public opinion to build support for China’s interests by generating support home and abroad and weaken the adversary’s situational assessment. The more the United States is caught up in multiple domestic and international crises, the more China is able to pursue its national interests such as expanding its global military footprint and ratchet up its Taiwan unification goals, among others.

While both the United States and China are now publicly attributing cyber attacks to governments, the difference between the two is that Washington tries to implement it as part of its broader cyber deterrent strategy (along with sanctions and indictments), whereas Beijing uses the tactic to dirty the U.S.’ image and reputation in order to obtain more strategic gains. In this regard, Beijing is more interested in slowly and steadily eroding U.S. influence and shape global perception on U.S. goals in cyberspace than deter any tactical U.S. cyber operations. This serves the interests of China’s longer strategic goals, especially as Internet governance and cyber norms of behavior continue to be hashed out for codification. Beijing able to help inject either of these with “Chinese characteristics” would be a key foothold to enable China’s continued ascent in a domain whose importance only increases with time.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency


The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

Emilio Iasiello

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.