Survey of Chinese Espionage in the United States Since 2000

This updated survey is based on publicly available information and lists 224 reported instances of Chinese espionage directed at the United States since 2000. It does not include espionage against other countries, against U.S. firms or persons located in China, nor the many cases involving attempts to smuggle controlled items from the U.S. to China (usually munitions or controlled technologies) or the more than 1200 cases of intellectual property theft lawsuits brought by U.S. companies against Chinese entities in either the U.S. or China. The focus is on the illicit acquisition of information by Chinese intelligence officers or their agents and on the increasing number of Chinese covert influence operations.

Chinese espionage is undertaken in pursuit of China’s strategic objectives. This is a change from the past where commercial motives were often equally important, but commercial espionage by both private and government entities remains a feature of Chinese spying. When Xi Jinping took office, first as Chair of the Central Military Commission in November 2012 and after he became President in March 2013, one of his first acts was to repurpose and reorient China’s collection priority to better serve long -term goals, clamping down on what appeared to be collection by some PLA units intended for personal gain (i.e. stealing commercial technology and providing it to private companies for cash or favors) as part of his larger campaign against corruption. Of the 224 incidents, we found that 69% were reported after Xi took office.

We have divided the publicly know incidents into categories of military, political, and commercial espionage, and covert efforts to influence the target nation’s politics. These categories are not hard and fast, since in many cases, an incident showed that Chinese collectors obtained information of both commercial and military value. A few cases reflect what seem to be global campaigns aimed at commercial, military and government targets in many countries and lasting for years. 

It should be noted that the incidents of Chinese espionage far outnumber those by any other country, even Russia. The long-term cost to the American economy and national security cannot be precisely measured, but estimates run into the billions of dollars for commercial and technological espionage. Chinese espionage also created immeasurable damage to national security with the theft of weapons technology, including nuclear weapons test data. In the last few years, China has added the theft of massive quantities of personal information (PII), political coercion, and influence operations, to its espionage activities.

It is worth noting that while nationality is a predictive factor for espionage, ethnicity is not. Chinese nationals who come to the US to work or study are a fertile ground for recruitment. Often they intend to return to China or have close family members resident in China, making them more susceptible to coercion. In contrast, Americans of Chinese descent are very unlikely to be recruited.

The espionage problem is the result of the increasingly hostile policies of China’s ruling Communist Party. Hacking is China’s preferred mode of espionage. We found so many instances of reported Chinese cyber espionage – 104 in the last ten years – that we created a separate list (Appendix A). But hacking is not the only form of spying and China uses traditional methods of agent recruitment (usually sex or money) as well as unconventional approaches, such as buying property next to a military or research facility. While this list is not complete, certain patterns emerge. For those cases where we could identify the actor and intent, we found:

• 49% of incident directly involved Chinese military or government employees.
• 41% were private Chinese citizens.
• 10% were non-Chinese actors (usually U.S. persons recruited by Chinese officials)
• 46% of incidents involved cyber espionage, usually by State-affiliated actors.
• 29% of incidents sought to acquire military technology.
• 54% of incidents sought to acquire commercial technologies.
• 17% of incidents sought to acquire information on U.S. civilian agencies or politicians.

The Chart below shows the number of publicly reported Chinese espionage incidents over time. Perhaps the most interesting part of this chart is the sharp dip after the 2015 agreement between President Obama and President Xi to restrict commercial espionage by government entities. The decline was quickly reversed within a year of the agreement.

This list is derived from open-source material and likely does not reflect the full number of incidents. It is most likely incomplete and more anecdotal than we would like. As with any list based on publicly availed information, increased numbers of incidents could reflect an increase in activity after 2009 or it could reflect increased public reporting of espionage cases, as greater attention was paid to the problem and the U.S. government became less reluctant (at the end of the Bush Administration) to publicly identify China as the perpetrator. Since these are only reported cases, and given the clandestine nature of espionage, it is likely that this underestimates the actual scope of the problem. The list of individual incidents follows below.

May 2001: Beginning in January 2000, Hai Lin, Kai Xu, and Yong-Qing Cheng formed a joint venture with the Datang Telecom Technology Company of Beijing to steal trade secrets from Lucent.

2003: Chinese hackers exfiltrated national security information from Naval Air Weapons Station China Lake, including nuclear weapons test and design data, and stealth aircraft data.

April 2003: Katrina M. Leung was arrested for convincing an FBI agent to share classified information, which she passed on to China, over a ten-year period.

February 2004: Ronald N. Montaperto, a former DIA intelligence analyst, was arrested for providing Chinese military attaches with Secret and Top-Secret information.

July 2004: Yan Ming Shan, a Chinese employee of a U.S. software firm that develops land sensing technology for oil companies, gained unauthorized access to the company’s computer system and attempted to bring sensitive technology back to China.

April 2005: Chinese hackers infiltrated NASA networks managed by Lockheed Martin and Boeing and exfiltrated information about the Space Shuttle Discovery program.

June 2005: Noshir Gowadia, an American citizen, took six trips to China between 2003-2005 to assist with its cruise missile system by developing a stealthy exhaust nozzle and was paid at least $110,000 by China. He provided them with designs for a low-signature cruise missile exhaust system.

October 2005: Chi Mak and other Chinese intelligence operatives collected technical information about the Navy’s current and future warship technologies. Chi intended to export the information to China.

November 2005: Moo Ko-Suen was a representative for an American aerospace firm for 10 years in Taiwan, during which time he acted as an agent for the Chinese government and tried to buy sophisticated military parts and weapons, including an F-16 fighter jet engine and cruise missiles, for China.

2005: Chinese hackers infiltrated U.S. Department of Defense networks in an operation known as “Titan Rain.” They targeted U.S. defense contractors, Army Information Systems Engineering Command; the Defense Information Systems Agency; the Naval Ocean Systems Center; and the U.S. Army Space and Strategic Defense installation.

April 2006: Chinese hackers infiltrated NASA networks managed by Lockheed Martin and Boeing and exfiltrated information about the Space Shuttle Discovery program.

May 2006: Shanshan Du stole trade secret information from General Motors for the benefit of a Chinese competitor, Chery Automobile.

June 2006: Lan Lee and Yufei Ge conspired to steal trade secrets related to computer chip design and development from NetLogics Microsystems and TSMC.

July 2006: Chinese hackers infiltrated the U.S. State Department’s unclassified network and stole sensitive information and passwords.

August 2006: Chinese hackers infiltrated the Department of Defense’s non-classified NIPRNet, downloading 10 to 20 terabytes of data.

December 2006: Xiaodong Sheldon Meng, a resident of Beijing and Cupertino California, stole military IP and trade secrets from his former employer, the silicon valley firm Quantum3D.

December 2006: Fei Ye and Ming Zhong stole trade secrets from two American technology firms to benefit China. They intended to utilize the secrets to build microprocessors for their company, Supervisor Inc., which would share any profits made on the sale of chips to the City of Hangzhou and the Province of Zhejiang in China.

December 2006: Xiang Dong Yu stole trade secret information worth $50-100 million from Ford Motor Company for the benefit of Beijing Automotive Company.

December 2006: Chinese hackers infiltrated the U.S. Naval War College.

2007: Chinese hackers breached the Pentagon’s Joint Strike Fighter project and stole data related to the F-35 fighter jet.

January 2007: The National Defense University discovered Chinese malware in its computer systems.

June 2007: PLA hackers breached a Pentagon computer network serving the Secretary of Defense, forcing the network to be shut down for more than a week.

September 2007: Hackers gained access to the Department of Homeland Security’s networks through a contractor and exfiltrated unclassified information to Chinese servers.

December 2007: Chinese hackers successfully stole information from Oak Ridge National Laboratory, Los Alamos National Laboratory, and the National Nuclear Security Administration.

January 2008: Qinggui Zeng stole trade secret information related to the paint industry from an American firm for the benefit of a Chinese firm.

February 2008: The Department of Justice charged Dongfan Chung, a former Boeing engineer, with economic espionage and serving as a foreign agent for China. Prosecutors determined that he had been acting on Chinese orders since at least 1979. He stole Boeing trade secrets relating to the Space Shuttle, the C-17 military transport aircraft and the Delta IV rocket for China.

February 2008: Tai Shen Kuo, a U.S. citizen, was arrested for providing China with classified information between March 2007 to February 2008. Kuo obtained the information from a Pentagon weapons system policy analyst, Gregg Bergersen.

March 2008: Hanjuan Jin attempted to leave the country with 1000+ electronic and paper copies of proprietary information related to Motorola’s interstate communication feature.

May 2008: Chinese officials inserted spyware onto the laptop of U.S. Secretary of Commerce Carlos Gutierrez during a trade mission.

September 2008: Anne Lockwood and Fuping Liu stole trade secret information from Metaldyne to benefit a Chinese competitor, Huafu.

November 2008: Chinese hackers infiltrated the computer networks of three major oil companies and stole trade secret information.

November 2008: Chinese hackers infiltrated the networks of Barack Obama and John McCain’s presidential campaigns and exfiltrated information about future policy agendas.

November 2008: Chinese hackers infiltrated the computer network of the White House and obtained emails between senior government officials.

March 2009: David Yen Lee, a technical director with Valspar Corp, illegally downloaded Valspar trade secrets with the intent of delivering them to Nippon Paint in Shanghai, where he had accepted a vice president position.

March 2009: Chinese hackers infiltrated Coca-Cola Co. computer networks and stole trade secret information, including information related to the attempted $2.4 billion acquisition of Huiyuan Juice Group.

March 2009: Chinese hackers stole information from the Office of Senator Bill Nelson in Florida.

March 2009: A Chinese espionage network was discovered to have penetrated political, economic, and social institutions in 103 countries. The network was discovered during a 10-month investigation by researchers at InfoWar Monitor when they were called to investigate the compromise of the Dalai Lama's computer systems.

April 2009: Yan Zhu, along with unidentified co-conspirators, planned to steal trade secrets relating to computer systems and software with environmental applications from his U.S. employer.

October 2009: Hong Meng accepted employment as a faculty member at Peking University, and thereafter began soliciting funding to commercialize his research from Dupont on Organic Light-Emitting Diodes. He shared trade secret chemical processes, including those related to OLEDs, with PKU. Meng was convicted in 2010.

November 2009: Janice Capener, a Chinese national, stole trade secret information from Orbit Irrigation for the benefit of a competing Chinese firm.

January 2010: Google announced that a sophisticated attack had penetrated its networks, along with the networks of more than 30 other US companies. The goal of the penetrations, which Google ascribed to China, was to collect technology, gain access to activist Gmail accounts and to Google’s Gaea password management system.

2010: The PLA infiltrated the computer network of a Civilian Reserve Air Fleet (CRAF) contractor in which documents, flight details, credentials and passwords for encrypted email were stolen.

March 2010: NATO and the EU warned that the number of cyberattacks against their networks had increased significantly over the past 12 months, with Russia and China among the most active adversaries.

May 2010: Glenn Shriver attempted to gain access to classified national defense information on behalf of Chinese intelligence officers.

May 2010: Chinese hackers breached the computer network of the U.S. Chamber of Commerce and stole information related to U.S. industries.

August 2010: Kexue Huang, a Chinese research scientist, stole trade secret information related to organic pesticides for the benefit of a Chinese firm.

October 2010: York Yuan Chang and Leping Huang owned a company called General Technology Systems Integration, Inc. (GTSI), which was involved in the export of technology to the PRC. GTSI allegedly entered into contracts with the 24th Research Institute of the China Electronics Technology Corporation Group to design and transfer to the PRC technology for the development of two types of high-performance analog-to-digital converters.

November 2010: Zhiqiang Zhang allegedly stole trade secret information from SiRF for the benefit of a competing Chinese firm.

January 2011: A Chinese company, Pangang Group, and Walter Liew attempted to steal trade secret information related to TiO2 technology from DuPont.

February 2011: Wen Chyu Liu, a research scientist, conspired to steal trade secret information from Dow for the benefit of Chinese firms.

March 2011: Sinovel, a Chinese company, stole trade secret information related to source code and designs of superconductors from AMSC.

March 2011: Chinese hackers breached the RSA Security division of the EMC Corporation to steal information related to encryption software, compromising RSA SecureID tokens. The stolen information was used in subsequent attacks carried out by China.

April 2011: Between March 2010 and April 2011, the FBI identified twenty incidents in which the online banking credentials of small-to-medium sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies. As of April 2011, the total attempted fraud amounts to approximately $20 million; the actual victim losses are $11 million.

April 2011: Chinese hackers engaged in a phishing campaign aimed at compromising hundreds of Gmail passwords for accounts of prominent people, including senior U.S. officials.

April 2011: Chinese hackers attempted to steal technical data from the computer systems of Oak Ridge National Laboratory.

June 2011: Beginning in 2010, Chunlai Yang conspired to steal trade secret information related to the source code of the OS for the Globex electronic trading platform for the benefit of a Chinese firm.

August 2011: Chinese hackers engaged in a series of cyber-attacks against 72 entities, including multiple U.S. government networks.

October 2011: Chinese hackers infiltrated at least 48 chemical and defense companies and stole trade secret information and sensitive military information.

November 2011: Chinese hackers interfered with U.S. satellites and stole sensitive data.

February 2012: Chinese hackers stole classified information about the technologies onboard F-35 Joint Strike Fighters.

March 2012: NASA’s Inspector General reported that Chinese hackers conducted 13 attacks against NASA computers in 2011. In one attack, intruders stole 150 user credentials that could be used to gain unauthorized access to NASA systems. Another attack at the Jet Propulsion Laboratory allowed intruders to gain full access to key JPL systems and sensitive user accounts.

March 2012: Trend Micro uncovered a Chinese cyber campaign, dubbed ‘Luckycat’ that targeted U.S.-based activists and organizations, Indian and Japanese military research, as well as Tibetan activists.

June 2012: DHS reported that between December 2011 and June 2012, Chinese hackers targeted 23 gas pipeline companies and stole information that could be used for sabotage purposes.

June 2012: P.L.A. Unit 61398 attacked Digital Bond, a SCADA security company with a spear phishing attack.

August 2012: Jerry Lee, a former CIA agent, attempted to provide China with classified information about CIA activities within China.

September 2012: Chinese hackers infiltrated Telvent Canada, an industrial automation company, and stole data related to SCADA systems throughout North America.

September 2012: Employees of a semiconductor chip equipment manufacturer stole trade secrets related to high-volume manufacturing of semiconductor wafers used in electronic devices for the benefit of a competing Chinese firm.

September 2012: Sixing Liu, a Chinese national, stole technical data related to defense items and conspired to give the information to China.

September 2012: Ji Li Huang and Xiao Guang Qi attempted to steal trade secret information related to cellular glass installation for the benefit of a competing Chinese firm.

November 2012: Wenfeng Lu, a Chinese national, stole trade secret information for medical devices from American medical equipment manufacturers for the benefit a Chinese firm.

January 2013: A Defense Science Board report found that Chinese hackers stole U.S. weapons systems designs including for the PAC-3, THAAD, Aegis, F/A-18 fighter jet, V-22 Osprey, Black Hawk, and Littoral Combat Ship.

January 2013: The New York Times, Wall Street Journal, Washington Post, and Bloomberg News experienced persistent cyberattacks, presumed to originate in China.

February 2013:  Security researchers revealed that PLA Unit 61398 had hacked 115 U.S.-victims since 2006, including organizations in the IT, aerospace, and telecommunications sectors, among others.

February 2013: DHS says that between December 2011 and June 2012, cyber criminals targeted 23 gas pipeline companies and stole information that could be used for sabotage purposes. Forensic data suggests the probes originated in China.

March 2013: Beginning in 2012, Chinese hackers targeted civilian and military maritime operations within the South China Sea, in addition to U.S. companies involved in maritime satellite systems, aerospace companies and defense contractors.

May 2013: Chinese hackers compromised the U.S. Department of Labor and at least nine other agencies, including the Agency for International Development and the Army Corps of Engineers’ National Inventory of Dams.

June 2013: PLA hackers infiltrated the computer networks of the U.S. Transportation Command and stole sensitive military information.

July 2013: Tung Pham stole trade secrets from a solar technology company for the benefit of a competing Chinese firm.

September 2013: Chinese hackers targeted three U.S. organizations, including a large American oil and gas corporation.

September 2013: Chinese hackers used malware, known as ‘Sykipot’, to target entities in the U.S. defense industrial base and companies in key industries such as telecommunications, computer hardware, government contractors, and aerospace.

October 2013: Chinese hackers targeted a U.S. based think tank.

December 2013: Six Chinese nationals conspired to steal trade secret information related to seeds from Dupont, Monsanto, and LG seeds for the benefit of Beijing Dabeinong Technology Group, a competing Chinese firm.

December 2013: Weiqiang Zhang stole trade secret information related to rice seeds from an American agricultural firm for the benefit of a Chinese firm.

February 2014: Amin Yu stole systems and components for marine submersible vehicles from U.S. manufacturers for the benefit of a state-owned entity in China.

March 2014: The OPM contractor responsible for U.S. security clearance background investigations is breached, allegedly by Chinese hackers.

May 2014: Alleged Chinese hackers posed as C-Suite executives in a spear phishing campaign to access the network of Alcoa. The hackers stole 2,907 emails and 863 attachments.

May 2014: Chinese military hackers targeted six American companies in the power, metals, and solar production industries and stole trade secret information. The U.S. Department of Justice indicted them and identified them as members of the People’s Liberation Army Unit 61398.

June 2014: Jun Xie allegedly stole trade secret information from GE Healthcare to benefit a competing entity in China.

August 2014: Community Health Systems disclosed that suspected Chinese hackers infiltrated its network and stole personal information from 4.5 million patients.

August 2014: Su Bin, a Chinese national, worked with co-conspirators in China to infiltrate Boeing’s computer networks to gain access to confidential access about the C-17, the F-22, and the F-35.

August 2014: Chinese hackers infiltrated the U.S. Investigations Services. The Office of Personnel Management discovered that China had infiltrated its networks and stolen the personal information of federal employees, including security clearance information. This was one of the first incidents as part of the larger 2015 OPM hack.

September 2014: Chinese company Huawei repeatedly attempted to steal trade secret information about robotics designs from T-Mobile.

September 2014: Benjamin Bishop was arrested for passing classified information between May 2012 – December 2012 to a Chinese national he was romantically involved with.

November 2014: Chinese hackers breached the U.S. Postal Service computer networks and exfiltrated data of approximately 800,000 employees.

November 2014: Yu Long worked at URTC from 2008-2014, but was recruited by the state-run Shenyang Institute of Automation in 2014. Upon departure Long stole confidential IP, trade secrets, and export-controlled technology to give to SIA for the benefit of China.

January 2015: Chinese hackers, including Fujie Wang, infiltrated Anthem Inc., a health insurer company, and stole data concerning approximately 78.8 million people from Anthem’s computer networks.

February 2015: Xudong Yao stole trade secret information relating to locomotives for the benefit of a Chinese firm.

March 2015: Canadian researchers say Chinese hackers launched a DDoS attack against U.S. hosting site GitHub. GitHub said the attack involve a wide combination of attack vectors and used new techniques to involve unsuspecting web users in the flood of traffic to the site. According to the researchers, the attack targeted pages for two GitHub users – GreatFire and The New York Times’ Chinese mirror site – both of which circumvent China’s firewall.

May 2015: Xiwen Huang, a Chinese businessman, stole confidential and trade secret information – including intellectual property – from an unnamed government research facility related to military vehicle fuel cells, for the benefit of China.

May 2015: Beginning in 2014, Thomas Rukavina stole and passed on trade secret information from PPG to a competing Chinese firm.

May 2015: Chinese nationals Wei Pang and Hao Zhang stole trade secrets related to the development of thin-film bulk acoustic resonator (FBAR) technology for the benefit of China.

May 2015: Chinese hackers exfiltrated significant amounts of customer data from United Airlines.

September 2015: Robert O’Rourke allegedly illegally downloaded data from his employer, an American manufacturer of cast-iron products. O’Rourke had accepted a similar position with a rival firm in China and was planning to use the stolen IP to improve the competitiveness of his new firm’s products.

November 2015: Dutch security firm Fox-IT identified a Chinese threat actor, ‘Mofang’, that had launched cyber-attacks against government civilian and military agencies in the United States and other industries, including corporations conducting solar cell research.

December 2015: Chinese National Xu Jiaqiang conspired to steal source code from an unnamed U.S. company where he worked as software developer. Xu intended to transfer the stolen code to benefit China’s National Health and Family Planning Commission.

January 2016: Tao Li and co-defendants Yu Xue & Yan Mei engaged in conspiracy to steal trade secrets from GlaxoSmithKline (GSK) for the benefit of a Chinese firm.

March 2016: Kun Shan Chun, a naturalized U.S. citizen, was sentenced to 24 months in prison for acting as an agent of China. Chun, an FBI employee with a top-secret clearance, provided a Chinese government official with sensitive, nonpublic information about FBI surveillance methods, internal organization, and identify and travel patterns of an FBI special agent.

April 2016: Szuhsiung Ho, an American nuclear engineer employed as a consultant by CGNPC, provided engineers and experts to assist CGNPC in developing nuclear material and reactors between 1997 and 2016 without authorization from DOE.

April 2016: U.S. Steel accused Chinese government hackers of stealing proprietary information about steel production techniques for the benefit of Chinese steel producers.

March 2017: A State Department employee with TS clearance provided copies of internal Department of State documents to Chinese intelligence officers.

April 2017: Cybersecurity researchers revealed a growing cyber-espionage campaign originating in China and targeting construction, engineering, aerospace and telecom companies, as well as government agencies, in the U.S., Europe, and Japan.

April 2017: CrowdStrike observed a China-based adversary target a U.S.-based think tank. CrowdStrike later named the adversary “Mustang Panda.”

May 2017: Beginning in 2011, Hackers from the internet security firm Boyusec (which has ties to MSS) compromised the networks of three companies over a multi-year period and gained access to confidential documents and data, including sensitive internal communications, usernames and passwords, and business and commercial information.

June 2017: U.S. citizen Shan Shi and Chinese national Gang Liu worked on behalf of Chinese company CBM-Future New Material Science and Technology Co. Ltd. (CBMF) to steal trade secrets related to the development of syntactic foam from an unnamed global engineering firm.

June 2017: Kevin Patrick Mallory, a former CIA officer, transferred classified documents to an agent of China’s intelligence services.

August 2017: Dong Liu attempted to obtain trade secret information from Medrobotics Corporation for China.

September 2017: China allegedly inserted malware into a widely used PC management tool. The malware targeted at least 20 major international technology firms.

October 2017: China allegedly carried out a cyberattack against a U.S. think tank and law firm, both of which were associated with fugitive Chinese tycoon Guo Wengui.

October 2017: Jerry Jindong Xu sought to help Chinese investors build a sodium cyanide plant to compete with Chemours by stealing pricing information, passwords for spreadsheets, confidential documents, and plant system diagrams from Chemours while he was employed there.

November 2017: Three Chinese nationals employed at a China-based Internet security firm were indicted by a US grand jury for computer hacking, theft of trade secrets, conspiracy, and identity theft against employees of Siemens, Moody’s Analytics, and Trimble.

January 2018: Yi-Chi Shih and Kiet Ahn Mai stole trade secret information from Monolithic Microwave Integrated Circuit (MMIC) technology for the benefit of Chengdu GaStone Technology Company (CGTC), a competing Chinese firm.

January 2018: Chinese hackers infiltrated a U.S. Navy contractor working for the Naval Undersea Warfare Center. 614 gigabytes of material related to a supersonic anti-ship missile for use on U.S. submarines were taken, along with submarine radio room information related to cryptographic systems and the Navy submarine development unit’s electronic warfare library.

March 2018: Chinese hackers targeted U.S. defense and engineering companies with ties to the South China Sea. The attacks sought sensitive data in line with government espionage objectives.

April 2018: Yanjun Xu, an MSS operative, attempted to recruit experts employed by leading American aviation companies to China, often under the guise of giving a presentation at a university.

April 2018: A cyber espionage campaign originating in China collected data from satellite, telecom, and defense organizations in the United States and Southeast Asia.

June 2018: Ron Rockwell Hansen, a former DIA officer, attempted to transmit national defense information to China.

June 2018: Chinese hackers were found to be engaged in a cyber espionage campaign to collect data from satellite, telecom, and defense organizations in the U.S. and Southeast Asia.

July 2018: Xiaqing Zhang conspired to steal trade secret information from General Electric for the benefit of China.

July 2018: Xiaolang Zhang was arrested for stealing trade secret information about the circuit board of Apple’s self-driving car initiative.

September 2018: Chinese hackers breached the systems of the Starwood hotel chain in 2014. It is estimated that the personal information of up to 500 million people was stolen.

September 2018: Ji Chaoqun, a Chinese citizen residing in Chicago, worked at the behest of the Jiangsu Province Ministry of State Security (JSSD) to get biographical information on eight Chinese nationals working as engineers and scientists in the United States that the JSSD had targeted for recruitment. Some worked for U.S. defense contractors.

October 2018: The U.S. Department of Justice indicted Chinese intelligence officers and hackers working for them for engaging in a campaign to hack into U.S. aerospace companies and steal information.

October 2018: U.S. agencies warned President Trump that that China and Russia eavesdropped on calls he made from an unsecured phone.

November 2018: Chen Zhengkun, He Jianting, and Wang Yungming stole Micron trade secrets related to dynamic random-access memory technology (DRAM) for the benefit of China.

November 2018: Beginning in March 2017, U.S. citizen Xiaorong You and Chinese national Liu Xiangchen conspired to steal trade secrets worth more than $100 million related to the development of BPA-free coatings. You stole trade secrets from the two American companies that employed her and provided them to Liu, whose company used them to create products that would compete with the two American companies in question.

December 2018: U.S. Navy officials report that Chinese hackers had repeatedly stolen information from Navy contractors including ship maintenance data and missile plans. 

December 2018: A Chinese national, Hongjin Tan, was arrested for stealing trade secret information from an American petroleum company, Phillips 66, and conspiring to use to benefit a Chinese firm.

December 2018: Chinese hackers stole IP and confidential business and technological information from managed service providers – companies that manage IT infrastructure for other businesses and governments.

December 2018: The United States, in coordination with Australia, Canada, the UK, and New Zealand, accused China of conducting a 12-year campaign of cyber espionage targeting the IP and trade secrets of companies across 12 countries. The announcement was tied to the indictment of two Chinese hackers associated with the campaign.

December 2018: Chinese hackers stole hundreds of gigabytes of data from computers of more than 45 technology companies and U.S. government agencies. The defendants also stole names, SSNs, DOBs, salary info, phone numbers, and email addresses of more than 100,000 U.S. Navy personnel.

January 2019: A Chinese national, Jizhong Chen, stole trade secret information about autonomous vehicles from Apple to benefit a competing Chinese firm.

February 2019: The UN International Civil Aviation Organizations revealed that in late 2016 it was compromised by China-linked hackers who used their access to spread malware to foreign government websites.

March 2019: Beginning in April 2017, Chinese hackers stole research from universities about maritime technology being developed for military use.

March 2019:  Chinese hackers targeted Israeli defense firms that had connections to the U.S. military.

April 2019: Chinese hackers stole General Electric’s trade secrets concerning jet engine turbine technologies.

April 2019: Pharmaceutical company Bayer announced it had prevented an attack by Chinese hackers targeting sensitive intellectual property.

May 2019: Hackers affiliated with the Chinese intelligence service reportedly had been using NSA hacking tools since 2016, more than a year before those tools were publicly leaked.

June 2019: Haoyang Yu was arrested in connection with stealing proprietary information from Analog Devices, a U.S. semiconductor company.

June 2019: Since at least 2017, Chinese hackers exfiltrated Call Detail Records (CDRs) from telecommunication companies to track dissidents, officials, and suspected spies.

July 2019: Chinese hackers from the group APT10 targeted three U.S. utility companies with a spear-phishing campaign to gain access to computer networks.

August 2019: Active since 2012, a previously unidentified Chinese espionage group, APT41, gathered data from firms in telecommunications, healthcare, semiconductor manufacturing, and machine learning. The group was also active in the theft of virtual currencies.

August 2019: Chinese state-sponsored hackers were revealed to have targeted multiple U.S. cancer institutes to take information relating to cutting edge cancer research.

September 2019: Two Chinese nationals stole sensitive exosome medical research from the Nationwide Children’s Hospital.

September 2019: Zhongsan Liu was arrested for fraudulently gaining J-1 visas for Chinese government officials. Such an incursion was meant to bring in facilitators of "talent-recruitment programs," a known Chinese espionage tactic.

September 2019: Xuehua "Edward" Peng was charged for acting as an illegal foreign agent for his delivering of classified information to the Chinese Ministry of State Security.

September 2019: A Chinese state-sponsored hacking group responsible for attacks against three U.S. utility companies in July 2019 was found to have subsequently targeted seventeen others.

October 2019: Chinese hackers engaged in a multi-year campaign between 2010 and 2015 to acquire intellectual property from foreign companies to support the development of the Chinese C919 airliner.

November 2019: Jerry Chun Shing Lee, a former CIA officer, was sentenced for providing classified information to Chinese intelligence officers.

December 2019: An alleged Chinese state-sponsored hacking group attacked government entities and managed service providers by bypassing the two-factor authentication used by their targets.

January 2020: A Harvard University Professor and two Chinese nationals, Yanqing Ye and Zaosong Zheng, were indicted for attempted theft of biological research. Dr. Lieber was a participant in the Thousand Talents Plan while actively accepting the National Institutes of Health and Department of Defense funding. Ye, a lieutenant of the PLA, compiled information on U.S. military projects for the CCP. Zheng committed the theft of 21 biological research vials to promote Chinese projects.

February 2020: The U.S. Department of Justice indicted two Chinese nationals for laundering cryptocurrency for North Korean hackers.

March 2020: Chinese hackers targeted over 75 organizations around the world in the manufacturing, media, healthcare, and nonprofit sectors as part of a broad-ranging cyber espionage campaign.

April 2020: U.S. officials reported seeing a surge of attacks by Chinese hackers against healthcare providers, pharmaceutical manufacturers, and the U.S. Department of Health and Human services amidst the COVID-19 pandemic.

May 2020: Song Guo Zheng, a professor of internal medicine at Ohio State University and Pennsylvania State University, pled guilty to making false statements to federal authorities as part of a scheme to use over $4 million in grants from the NIH to develop China’s expertise in rheumatology and immunology through his undisclosed partnership with a Chinese university controlled by the Chinese government.

May 2020: U.S. officials accused hackers linked to the Chinese government of attempting to steal U.S. research into a coronavirus vaccine.

June 2020: Hao Zhang, a Chinese national, was convicted under charges of economic espionage and theft of trade secrets from two companies involved semiconductor design and processing.

July 2020: Four Chinese nationals were charged with visa fraud due to their connection with the PLA. Efforts included observing U.S. labs and institutions to replicate research and designs in China.

July 2020: Jun Wei "Dickson" Yeo, was arrested for acting as an illegal agent for the Chinese government. Efforts included creating a fake consulting company to recruit cleared professionals to obtain information for the PRC and MSS.

July 2020: Saw-Teong Ang, a University of Arkansas professor, was indicted for wire fraud for his acceptance of U.S contracting funds related to NASA and the Air Force while being employed by Chinese entities.

July 2020: Li Xiaoyu and Dong Jiazhi, two Chinese nationals, were charged by the FBI for hacking the U.S. Department of Energy on behalf of the MSS. The two allegedly had committed economic espionage, extortion, computer fraud, and IP theft over the course of 11 years.

August 2020: Zhengdong Cheng, a professor at Texas A&M, was charged with wire fraud for concealing his affiliation with Chinese universities and enterprises while accepting a NASA grant. His position allowed him access to sensitive NASA projects. He was a participant of the Thousand Talents Plan.

August 2020: Guan Lei was charged with destruction of evidence during an FBI investigation. Guan is being investigated for transferring sensitive software and other technical data to the PLA and China's National University of Defense Technology.

August 2020: Former CIA officer Alexander Yuk Ching Ma was arrested and charged with espionage on behalf of China’s MSS. Between 2001 and 2010, Ma routinely exfiltrated classified CIA and FBI information to MSS operatives.

September 2020: Baimadajie Angwang, an NYPD officer and U.S. Army reservist, was charged as acting as an illegal agent of the PRC. He attempted to gather information on Chinese citizens living in the U.S. and recruit intelligence sources.

September 2020: The U.S. Department of Justice charged 7 Chinese hackers with breaching more than 100 companies, think tanks, universities and government agencies around the world.

September 2020: CISA revealed that hackers associated with the Chinese Ministry of State Security had been scanning U.S. government and private networks for over a year in search of networking devices that could be compromised using exploits for recently discovered vulnerabilities.

October 2020: The NSA warned that Chinese government hackers were targeting the U.S. defense industrial base as part of a wide-ranging espionage campaign.

October 2020: Lei Gao was charged with conspiring to steal trade secrets from a U.S. oil and gas manufacturer to benefit a Chinse firm.

October 2020: Eight individuals were charged with conspiring to act as illegal agents on behalf of the PRC. The individuals engaging in “Operation Fox Hunt” allegedly attempted to harass, stalk, and coerce individuals living in the U.S. who are wanted in China to return to the country.

October 2020: U.S. citizen Elliott Broidy pleaded guilty to undisclosed lobbying on behalf of the PRC in exchange for millions of dollars. Broidy attempted to get the U.S. government to drop a large fraud and money laundering prosecution and deport a critic of the PRC.

November 2020: Wei Sun, an electrical engineer with Raytheon, was sentenced to 38 months in federal prison for transporting sensitive missile technology to China on his laptop.

November 2020: In 2020, two apps were banned from the Google Play Store after cybersecurity researchers discovered that a software development kit developed by the Chinese internet giant Baidu had sent sensitive data on hundreds of millions of users to Chinese servers.

December 2020: Axios reported on a Chinese intelligence operation that allegedly occurred between 2011 and 2015. During the operation, a suspected Chinese spy named Fang Fang targeted local and national politicians through networking, campaign fundraising, and romantic or sexual relationships to gain proximity to political power.

December 2020: Yu Zhou and his wife Li Chen admit to conspiring to steal trade secrets from the local Ohio pediatric research institute where they worked and sell them to China.

January 2021: Hackers linked to the Chinese government were responsible for ransomware attacks against five major gaming and gambling countries, demanding over $100 million in ransom.

January 2021: A senior NASA official was sentenced for making false statements regarding his association to the Chinese Thousand Talents Program. He lied to investigators when questioned about his membership and professorship status in universities in China.

February 2021: Former University of Florida professor Lin Yang was indicted on charges to commit wire fraud and making false statements regarding a $1.75 million grant from the National Institutes of Health (NIH). The indictment alleges Yang concealed a business he established in China promoting a product he created using the NIH grant and applying to join China’s Thousand Talent Program.

February 2021: Visiting Stanford researcher, Chen Song was indicted for obstruction, alteration of records, visa fraud charges and false statements regarding about her status as a member of the PRC military forces while conducting brain disease research in the United States.

February 2021: Hong Kong based and Chinese national, Chi Lung Winsman, was charged with conspiring to steal trade secrets from General Electric (GE). Mr. Winsman recruited a GE engineered to steal MOSFET trade secrets and other proprietary information from GE to a new venture in China.

March 2021: Chinese government hackers targeted Microsoft’s enterprise email software to steal data from over 30,000 organizations around the world, including government agencies, legislative bodies, law firms, defense contractors, infectious disease researchers, and policy think tanks.

April 2021: Two state-backed hacking groups—one of which works on behalf of the Chinese government—exploited vulnerabilities in a VPN service to target organizations across the U.S. and Europe with a particular focus on U.S. defense contractors.

April 2021: New York City's Metropolitan Transportation Authority (MTA) was hacked by Chinese-backed actors but were unable to gain access to user data or information systems.

April 2021: Chinese national Suren Qin pleaded guilty to illegally exporting $100,000 of U.S. goods to PLA-affiliated Northwester Polytechnical University in China. Qin primarily sent underwater and marine technologies to the PRC through their company LinkOcean Technologies, LTD.

June 2021: Chinese actors targeted organizations, including Verizon and the Metropolitan Water District of Southern California using a platform used by numerous government agencies and companies for secure remote access to their networks.

July 2021: The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a statement exposing a spearfishing campaign by Chinese state-sponsored hackers between 2011 and 2013. The campaign targeted oil and natural gas pipeline companies in the United States.

July 2021: The U.S., NATO, and allies accused the PRC of using contract hackers to conduct an ongoing global cyberespionage campaign that includes ransomware attacks, cyber extortion, crypto-jacking, and theft. Accompanying this accusation were charges against four MSS hackers for engaging in a multi-year campaign to steal trade secrets, business information, IP, and Ebola vaccine research. Finally, the U.S. government announced they are attributing a March 2021 exploitation of zero-day vulnerabilities in Microsoft Exchange Server to MSS hackers.

July 2021: Four Chinese hackers were indicted for a cyber operation between 2011-2018 to steal intellectual property from companies, academia and government entities in the U.S. and abroad. The theft focused on information of significant economic benefit to Chinese state-owned enterprises.

October 2021: Former U.S military pilot, Shapour Moinian, was charged with making false statements regarding his contact with Chinese intelligence including cash payments. Mr. Moinian worked for various defense contractors and traveled oversees to brief his contacts on the status of his work.

October 2021: Former Air War College professor Xiaoming Zhang pleaded guilty to making false statements regarding his relationship with a known official working with the Shanghai Municipal Government. The Chinese official was attempting to leverage their relationship to gain access to sensitive relationship or other valuable individuals to the Chinese government.

October 2021: A Chinese-linked hacking group gained access to calling records and text messages from telecommunication carriers across the globe, according to a report from CrowdStrike. The report outlines the group began its cyberattacks in 2016 and infiltrated at least 13 telecommunications networks.

November 2021: Former Broadcom employee Peter Kisang Kim was charged with theft of trade secrets prior to his start as a director for a Chinese based start-up microprocessor company. Specifically, the indictment alleges that Kim stole trade secrets of microchip design used in high-volume data centers.

November 2021: A federal jury convicted Yanjun Xu, a Chinese national and Deputy Division Director of the Sixth Bureau of the Jiangsu Province Ministry of State Security, of conspiring and attempting to commit economic espionage and theft of trade secrets. The defendant is the first Chinese intelligence officer to be extradited to the United States to stand trial.

November 2021: After CISA publicly shared details on a vulnerability, Chinese hackers targeted nine companies and 370 servers between September and October using the same vulnerability.

December 2021: Former U.S. Navy Sailor, Ye Sang, was sentenced for conspiring to illegally export sensitive military equipment to China. Sang purchased military equipment for Naval Special Warfare units as a logistics specialist from 2015 to 2019 and colluded with her husband to export equipment to China.

December 2021: Chinese hackers breached four more U.S. defense and technology firms in December, in addition to one organization in November. The hackers obtained passwords to gain access to the organizations’ systems and looked to intercept sensitive communications.

December 2021: Cybersecurity firms found government-linked hackers from China, Iran, and North Korea attempting to use the Log4j vulnerability to gain access to computer networks. Following the announcement of Log4j, researchers already found over 600,000 attempts to exploit the vulnerability.

January 2022: Chinese national and imaging scientist, Xiang Haitao pleaded guilty to conspiracy to commit economic espionage against Monsanto and The Climate Corporation based in St. Louis. Xiang developed a digital online farming software used to collect, store, and visualize critical agricultural field data to improve productivity, he’s guilty of stealing a predictive algorithm and providing it to the Chinese Academy of Science’s Institute of Soil Science.

January 2022: University of Arkansas Professor, Simon Saw-Teong Ang, pleaded guilty to making a materially false and fictious statement and representation to an FBI Special Agent for failing to disclose his 24 Chinese patents to the university and to the FBI, when interviewed.

February 2022: China-based Hytera Communications Corp. LTD. was indicted for conspiring with former Motorola Solutions employees to steal digital mobile radio technology developed by Motorola. The indictment alleges that from 2007 to 2020, Hytera and the recruited employees used Motorola’s proprietary and trade secret information to accelerate the development of Hytera’s DMR products, train Hytera employees, and market and sell Hytera’s DMR products throughout the world.

February 2022: An investigation led by Mandiant discovered that hackers linked to the Chinese-government compromised email accounts belonging to Wall Street Journal journalists. The hackers allegedly surveilled and exfiltrated data from the newspaper for over two years beginning in at least February 2020.

March 2022: Five individuals with ties to the secret police of the People’s Republic of China were charged with various crimes related to the PRC’s efforts to stalk, harass and spy on Chinese nationals residing in the United States. All five perpetrated transnational repression schemes targeting U.S. residents whose political views and actions are viewed as unfavorable by the PRC, including advocacy for democracy and dissidence of the regime.

March 2022: Hackers linked to the Chinese government penetrated the networks belonging to government agencies of at least 6 different U.S. states in an espionage operation. Hackers took advantage of the Log4j vulnerability to access the networks, in addition to several other vulnerable internet-facing web applications.

May 2022: Wang Shujun, a U.S. citizen who helped start a pro-democracy organization in Queens opposing the current communist regime in China, was charged alongside four officials from China’s Ministry of State Security (MSS) with conspiracy and other charges related to an espionage and transnational repression scheme. Wang used his position within the organization and dissident communities to collect information about prominent activists and human rights leaders for the MSS and PRC. He was handled by four MSS officials: Feng He, Jie Ji, Ming Li, and Keqing Lu.

May 2022: Chenyan Wu and Lianchun Chen, a married couple who worked as research scientists for a major American pharmaceutical company, pleaded guilty in federal court to criminal charges stemming from their efforts to gather confidential mRNA research from that company to advance the husband’s competing laboratory research in China.

May 2022: A Chinese hacking group stole intellectual property assets from U.S and European companies since 2019 and went largely undetected. Researchers believe the group is backed by the Chinese government.

June 2022: The FBI, National Security Agency (NSA) and CISA announced that Chinese state-sponsored hackers targeted and breached major telecommunications companies and network service providers since at least 2020.

September 2022: A federal jury in Chicago convicted Chinese national Ji Chaoqun of acting illegally within the United States as an agent of the People’s Republic of China. He was found guilty on one count of conspiracy to act as an agent of the PRC without first notifying the Attorney General; one count of acting as an agent of the PRC without first notifying the Attorney General; and one count of making a materially false statement to the U.S. Army.

September 2022: Peter Kisang Kim, a former Broadcom Inc. engineer, was sentenced to eight months in prison for trade secret theft involving Broadcom trade secrets. Kim had been employed by Broadcom for over twenty years. He was indicted in November 2021 and pleaded guilty on May 10, 2022.

October 2022: Two Chinese citizens were charged in a criminal complaint in federal court in New York with obstruction of justice and accused of attempting to pay bribes for inside information about the high-profile prosecution of Chinese telecommunications giant Huawei.

November 2022: Suspected Chinese-linked hackers carried out an espionage campaign on public and private organizations in the Philippines, Europe, and the United States since 2021. The attacks used infected USB drives to deliver malware to the organizations.

October 2022: In three separate cases in the U.S. Attorneys’ Offices for the Eastern District of New York and the District of New Jersey, the Justice Department has charged 13 individuals, including members of the People’s Republic of China (PRC) security and intelligence apparatus and their agents, for alleged efforts to unlawfully exert influence in the United States for the benefit of the government of the PRC.

December 2022: Chinese government-linked hackers stole at least $20 million in COVID-19 relief funds from the U.S. government, including Small Business Administration loans and unemployment insurance money. The U.S. Secret Service announced they retrieved half of the stolen funds thus far.

February 2023: The United States shot down a Chinese spy balloon it entered U.S. airspace near the Aleutian Islands. The balloon traversed Alaska, Canada and re-entered U.S. airspace over Idaho before travelling across the continental United States. Defense Secretary Lloyd Austin stated that the balloon “was being used by the PRC in an attempt to surveil strategic sites.”

 

Appendix A – Major Cyber Espionage Incidents Attributed to China

December 2022. Chinese government-linked hackers stole at least $20 million in COVID-19 relief funds from the U.S. government, including Small Business Administration loans and unemployment insurance money. The U.S. Secret Service announced they retrieved half of the stolen funds thus far.

November 2022. Suspected Chinese-linked hackers carried out an espionage campaign on public and private organizations in the Philippines, Europe, and the United States since 2021. The attacks used infected USB drives to deliver malware to the organizations.

June 2022. The FBI, National Security Agency (NSA) and CISA announced that Chinese state-sponsored hackers targeted and breached major telecommunications companies and network service providers since at least 2020.

May 2022. A Chinese hacking group stole intellectual property assets from U.S and European companies since 2019 and went largely undetected. Researchers believe the group is backed by the Chinese government.

March 2022. Hackers linked to the Chinese government penetrated the networks belonging to government agencies of at least 6 different U.S. states in an espionage operation. Hackers took advantage of the Log4j vulnerability to access the networks, in addition to several other vulnerable internet-facing web applications.

February 2022. An investigation led by Mandiant discovered that hackers linked to the Chinese-government compromised email accounts belonging to Wall Street Journal journalists. The hackers allegedly surveilled and exfiltrated data from the newspaper for over two years beginning in at least February 2020. 

December 2021. Chinese hackers breached four more U.S. defense and technology firms in December, in addition to one organization in November. The hackers obtained passwords to gain access to the organizations’ systems and looked to intercept sensitive communications.

December 2021. Cybersecurity firms found government-linked hackers from China, Iran, and North Korea attempting to use the Log4j vulnerability to gain access to computer networks. Following the announcement of Log4j, researchers already found over 600,000 attempts to exploit the vulnerability. 

November 2021. After CISA publicly shared details on a vulnerability, Chinese hackers targeted nine companies and 370 servers between September and October using the same vulnerability.

October 2021. A Chinese-linked hacking group gained access to calling records and text messages from telecommunication carriers across the globe, according to a report from CrowdStrike. The report outlines the group began its cyberattacks in 2016 and infiltrated at least 13 telecommunications networks.

July 2021. Four Chinese nationals targeted companies, universities, and government entities in the United States and abroad between 2011 and 2018. The campaign focused on information of economic benefit to China’s commercial sectors.

July 2021. The United States, the European Union, NATO and other world powers released joint statements condemning the Chinese government for a series of malicious cyber activities. They attributed responsibility to China for the Microsoft Exchange hack from early 2021 and the compromise of more than 100,000 servers worldwide.

July 2021. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a statement exposing a spearfishing campaign by Chinese state-sponsored hackers between 2011 and 2013. The campaign targeted oil and natural gas pipeline companies in the United States.

June 2021. Chinese actors targeted organizations, including Verizon and the Metropolitan Water District of Southern California using a platform used by numerous government agencies and companies for secure remote access to their networks.

April 2021. Two state-backed hacking groups—one of which works on behalf of the Chinese government—exploited vulnerabilities in a VPN service to target organizations across the U.S. and Europe with a particular focus on U.S. defense contractors.

April 2021. New York City's Metropolitan Transportation Authority (MTA) was hacked by Chinese-backed actors but were unable to gain access to user data or information systems. 

March 2021. Chinese government hackers targeted Microsoft’s enterprise email software to steal data from over 30,000 organizations around the world, including government agencies, legislative bodies, law firms, defense contractors, infectious disease researchers, and policy think tanks.

January 2021. Hackers linked to the Chinese government were responsible for ransomware attacks against five major gaming and gambling countries, demanding over $100 million in ransom. 

November 2020. In 2020, two apps were banned from the Google Play Store after cybersecurity researchers discovered that a software development kit developed by the Chinese internet giant Baidu had sent sensitive data on hundreds of millions of users to Chinese servers.

October 2020. A spokesperson for China’s Foreign Ministry responded to accusations that Chinese state-sponsored hackers were targeting the U.S. defense industrial base by declaring that the United States was an “empire of hacking,” citing 2013 leaks about the NSA’s Prism program.

October 2020. The NSA warned that Chinese government hackers were targeting the U.S. defense industrial base as part of a wide-ranging espionage campaign.

September 2020. The U.S. Department of Justice indicted five Chinese hackers with ties to Chinese intelligence services for attacks on more than 100 organizations across government, IT, social media, academia, and more.

September 2020. CISA revealed that hackers associated with the Chinese Ministry of State Security had been scanning U.S. government and private networks for over a year in search of networking devices that could be compromised using exploits for recently discovered vulnerabilities.

May 2020. U.S. officials accused hackers linked to the Chinese government of attempting to steal U.S. research into a coronavirus vaccine

April 2020. U.S. officials reported seeing a surge of attacks by Chinese hackers against healthcare providers, pharmaceutical manufacturers, and the U.S. Department of Health and Human services amidst the COVID-19 pandemic.

March 2020. Chinese hackers targeted over 75 organizations around the world in the manufacturing, media, healthcare, and nonprofit sectors as part of a broad-ranging cyber espionage campaign. 

February 2020. The U.S. Department of Justice indicted two Chinese nationals for laundering cryptocurrency for North Korean hackers

December 2019. An alleged Chinese state-sponsored hacking group attacked government entities and managed service providers by bypassing the two-factor authentication used by their targets

October 2019. Chinese hackers engaged in a multi-year campaign between 2010 and 2015 to acquire intellectual property from foreign companies to support the development of the Chinese C919 airliner.

October 2019. A Chinese government-sponsored propaganda app with more than 100 million users was found to have been programmed to have a backdoor granting access to location data, messages, photos, and browsing history, as well as remotely activate audio recordings. 

September 2019. A Chinese state-sponsored hacking group responsible for attacks against three U.S. utility companies in July 2019 was found to have subsequently targeted seventeen others.

August 2019. Chinese state-sponsored hackers were revealed to have targeted multiple U.S. cancer institutes to take information relating to cutting edge cancer research.

August 2019. A previously unidentified Chinese espionage group was found to have worked since 2012 to gather data from foreign firms in industries identified as strategic priorities by the Chinese government, including telecommunications, healthcare, semiconductor manufacturing, and machine learning. The group was also active in the theft of virtual currencies and the monitoring of dissidents in Hong Kong. 

July 2019. State-sponsored Chinese hackers conducted a spear-phishing campaign against employees of three major U.S. utility companies

June 2019.  Over the course of seven years, a Chinese espionage group hacked into ten international cellphone providers operating across thirty countries to track dissidents, officials, and suspected spies. 

May 2019. Hackers affiliated with the Chinese intelligence service reportedly had been using NSA hacking tools since 2016, more than a year before those tools were publicly leaked.

April 2019. Chinese hackers stole General Electric’s trade secrets concerning jet engine turbine technologies

April 2019. Pharmaceutical company Bayer announced it had prevented an attack by Chinese hackers targeting sensitive intellectual property.

March 2019. U.S. officials reported that at least 27 universities in the U.S. had been targeted by Chinese hackers as part of a campaign to steal research on naval technologies.

February 2019. The UN International Civil Aviation Organizations revealed that in late 2016 it was compromised by China-linked hackers who used their access to spread malware to foreign government websites. 

December 2018. Chinese hackers stole IP and confidential business and technological information from managed service providers – companies that manage IT infrastructure for other businesses and governments. 

December 2018. The United States, in coordination with Australia, Canada, the UK, and New Zealand, accused China of conducting a 12-year campaign of cyber espionage targeting the IP and trade secrets of companies across 12 countries. The announcement was tied to the indictment of two Chinese hackers associated with the campaign.

December 2018. U.S. Navy officials report that Chinese hackers had repeatedly stolen information from Navy contractors including ship maintenance data and missile plans.

December 2018. Secretary of State Mike Pompeo confirmed that Chinese hackers breached the systems of an American hotel chain, stealing the personal information of over 500 million customers.

October 2018. U.S. agencies warned President Trump that that China and Russia eavesdropped on calls he made from an unsecured phone. 

October 2018. The U.S. Department of Justice indicted Chinese intelligence officers and hackers working for them for engaging in a campaign to hack into U.S. aerospace companies and steal information

September 2018. Chinese hackers breached the systems of the Starwood hotel chain in 2014. It is estimated that the personal information of up to 500 million people was stolen

June 2018. Chinese hackers were found to be engaged in a cyber espionage campaign to collect data from satellite, telecom, and defense organizations in the U.S. and Southeast Asia.

June 2018. Chinese government hackers compromised the networks of a U.S. Navy contractor, stealing 614 GB of data related to weapons, sensor, and communication systems under development for U.S. submarines.

April 2018. A cyber espionage campaign originating in China collected data from satellite, telecom, and defense organizations in the United States and Southeast Asia.

March 2018. Chinese hackers targeted U.S. defense and engineering companies with ties to the South China Sea. The attacks sought sensitive data in line with government espionage objectives.

January 2018. Chinese hackers infiltrated a U.S. Navy contractor working for the Naval Undersea Warfare Center. 614 gigabytes of material related to a supersonic anti-ship missile for use on U.S. submarines were taken, along with submarine radio room information related to cryptographic systems and the Navy submarine development unit’s electronic warfare library

November 2017. Three Chinese nationals employed at a China-based Internet security firm are indicted by a US grand jury for computer hacking, theft of trade secrets, conspiracy, and identity theft against employees of Siemens, Moody’s Analytics, and Trimble.

September 2017. China allegedly inserted malware into widely used PC management tool. The malware targeted at least 20 major international technology firms. 

October 2017. China allegedly carried out a cyberattack against a U.S. think tank and law firm, both involved with fugitive Chinese tycoon Guo Wengui.

April 2017. Cybersecurity researchers revealed a growing cyber-espionage campaign originating in China and targeting construction, engineering, aerospace and telecom companies, as well as government agencies, in the U.S., Europe, and Japan.

April 2016. U.S. Steel accused Chinese government hackers of stealing proprietary information about steel production techniques for the benefit of Chinese steel producers

November 2015. Dutch security firm Fox-IT identified a Chinese threat actor, ‘Mofang’, that had launched cyber-attacks against government civilian and military agencies in the United States and other industries, including corporations conducting solar cell research

May 2015. Chinese hackers exfiltrated significant amounts of customer data from United Airlines

March 2015. Canadian researchers say Chinese hackers attacked U.S. hosting site GitHub. GitHub said the attack involved “a wide combination of attack vectors” and used new techniques to involve unsuspecting web users in the flood of traffic to the site. According to the researchers, the attack targeted pages for two GitHub users – GreatFire (https://en.greatfire.org/) and the New York Times’ Chinese mirror site – both of which circumvent China’s firewall.

August 2014. Community Health Systems disclosed that suspected Chinese hackers infiltrated its network and stole personal information from 4.5 million patients

May 2014. Alleged Chinese hackers posed as C-Suite executives in a spear phishing campaign to access the network of Alcoa. The hackers stole 2,907 emails and 863 attachments. 

March 2014. The OPM contractor responsible for U.S. security clearance background investigations is breached, allegedly by Chinese hackers.

September 2013. Chinese hackers used malware, known as ‘Sykipot’, to target entities in the U.S. Defense Industries and companies in key industries such as: telecommunications, computer hardware, government contractors, and aerospace. In mid-2013 they targeted the U.S. civil aviation sector.

September 2013. Chinese hackers targeted three U.S. organizations, including a large American oil and gas corporation

May 2013. Chinese hackers compromise the U.S. Department of Labor and at least nine other agencies, including the Agency for International Development and the Army Corps of Engineers’ National Inventory of Dams.

March 2013. Beginning in 2012, Chinese hackers targeted civilian and military maritime operations within the South China Sea, in addition to U.S. companies involved in maritime satellite systems, aerospace companies and defense contractors.

February 2013. DHS says that between December 2011 and June 2012, cyber criminals targeted 23 gas pipeline companies and stole information that could be used for sabotage purposes. Forensic data suggests the probes originated in China.

January 2013. The New York Times, Wall Street Journal, Washington Post, and Bloomberg News experience persistent cyberattacks, presumed to originate in China.

January 2013. A Defense Science Board report found that Chinese hackers stole U.S. weapons systems designs including for the PAC-3, THAAD, Aegis, F/A-18 fighter jet, V-22 Osprey, Black Hawk, and Littoral Combat Ship

September 2012. Chinese hackers infiltrated Telvent Canada, an industrial automation company, and stole data related to SCADA systems throughout North America. 

June 2012. DHS reported that between December 2011 and June 2012, hackers targeted 23 gas pipeline companies and stole information that could be used for sabotage purposes. Forensic data suggests the probes originated in China.

March 2012. Trend Micro uncovered a Chinese cyber campaign, dubbed ‘Luckycat’ that targeted U.S.-based activists and organizations, Indian and Japanese military research, as well as Tibetan activists.

March 2012. NASA’s Inspector General reported that 13 APT attacks successfully compromised NASA computers in 2011. In one attack, intruders stole 150 user credentials that could be used to gain unauthorized access to NASA systems. Another attack at the Joint Propulsion Laboratory involving China-based IP let the intruders gain full access to key JPL systems and sensitive user accounts.

February 2012. Media reports say that Chinese hackers stole classified information about the technologies onboard F-35 Joint Strike Fighters.

November 2011. According to a major U.S. news source, Chinese hackers interfered with two satellites belonging to NASA and USGS.

October 2011. Networks of 48 companies in the chemical, defense, and other industries were penetrated for at least six months by a hacker looking for intellectual property. Some of the attacks are attributed to computers in Hebei, China. 

August 2011. Chinese hackers engaged in a series of cyber-attacks against 72 entities, including multiple U.S. government networks.

April 2011. Between March 2010 and April 2011, the FBI identified twenty incidents in which the online banking credentials of small-to-medium sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies. As of April 2011, the total attempted fraud amounts to approximately $20 million; the actual victim losses are $11 million.

May 2010. Chinese hackers breached the computer network of the U.S. Chamber of Commerce and stole information related to U.S. industries

April 2011. Google reported a phishing effort to compromise hundreds of Gmail passwords for accounts of prominent people, including senior U.S. officials. Google attributes the effort to China.

March 2010. NATO and the EU warned that the number of cyberattacks against their networks had increased significantly over the past 12 months, with Russia and China among the most active adversaries. 

January 2010. Google announced that a sophisticated attack had penetrated its networks, along with the networks of more than 30 other US companies. The goal of the penetrations, which Google ascribed to China, was to collect technology, gain access to activist Gmail accounts and to Google’s Gaea password management system.

January 2010: Beginning in 2009, China carried out a series of cyberattacks to steal trade secret information from dozens of U.S. companies including Google, Yahoo, Adobe, and Dow Chemical.

November 2009: Janice Capener, a Chinese national, stole trade secret information from Orbit Irrigation for the benefit of a competing Chinese firm.

March 2009: Chinese hackers infiltrated Coca-Cola Co. computer networks and stole trade secret information, including information related to the attempted $2.4 billion acquisition of Huiyuan Juice Group.

March 2009: Chinese hackers stole information from the Office of Senator Bill Nelson in Florida.

March 2009: A Chinese espionage network was discovered to have penetrated political, economic, and social institutions in 103 countries. The network was discovered during a 10-month investigation by researchers at InfoWar Monitor when they were called to investigate the compromise of the Dalai Lama's computer systems.

November 2008: Chinese hackers infiltrated the computer networks of three major oil companies and stole trade secret information.

November 2008: Chinese hackers infiltrated the networks of Barack Obama and John McCain’s presidential campaigns and exfiltrated information about future policy agendas.

November 2008: Chinese hackers infiltrated the computer network of the White House and obtained emails between senior government officials.

May 2008: Chinese officials inserted spyware onto the laptop of U.S. Secretary of Commerce Carlos Gutierrez during a trade mission.

December 2007: Chinese hackers successfully stole information from Oak Ridge National

September 2007: Hackers gained access to the Department of Homeland Security’s networks through a contractor and exfiltrated unclassified information to Chinese servers.

June 2007: PLA hackers breached a Pentagon computer network serving the Secretary of Defense, forcing the network to be shut down for more than a week.

2007: Chinese hackers breached the Pentagon’s Joint Strike Fighter project and stole data related to the F-35 fighter jet.

January 2007: The National Defense University discovered Chinese malware in its computer systems.

December 2006: Fei Ye and Ming Zhong stole trade secrets from two American technology firms to benefit China. They intended to utilize the secrets to build microprocessors for their company, Supervisor Inc. which would share any profits made on the sale of chips to the City of Hangzhou and the Province of Zhejiang in China.

December 2006: Chinese hackers infiltrated the U.S. Naval War College

August 2006: Chinese hackers infiltrated the Department of Defense’s non-classified NIPRNet, downloading 10 to 20 terabytes of data.

July 2006: Chinese hackers infiltrated the U.S. State Department’s unclassified network and stole sensitive information and passwords.

April 2006: Chinese hackers infiltrated NASA networks managed by Lockheed Martin and Boeing and exfiltrated information about the Space Shuttle Discovery program.

April 2005: Chinese hackers infiltrated NASA networks managed by Lockheed Martin and Boeing and exfiltrated information about the Space Shuttle Discovery program.

2005: Chinese hackers infiltrated U.S. Department of Defense networks in an operation known as “Titan Rain.” They targeted U.S. defense contractors, Army Information Systems Engineering Command; the Defense Information Systems Agency; the Naval Ocean Systems Center; and, the U.S. Army Space and Strategic Defense installation.

2003: Chinese hackers exfiltrated national security information from Naval Air Weapons Station China Lake, including nuclear weapons test and design data, and stealth aircraft data

We would like to thank Shawn Rostker, Evan Burke, Matthew Serrone, Khristal Thomas, Arthur Nelson, Ian Haimowitz, David Robusto, Janice Li and Harini V for their contributions to this timeline.