Velvet Glove, Iron Fist

This briefing provides an overview of the scale, scope and nature of the challenge posed by Chinese state threats, drawing on research published in the SOC ACE Research Paper, Old Wine, New Bottles? The Challenge of State Threats. The research examines the activities of the four main states seeking to revise the international order: Russia, Iran, North Korea and China (hereafter referred to as “the revisionist states”). However, it recognises the particular importance of China. One of the most populous countries in the world, China is probably the only state capable of challenging the US across a full spectrum of economic, political and military power.

The research finds that the People’s Republic of China, led by the Chinese Communist Party (CCP) since its victory in the Chinese Civil War in 1949, uses hostile activities in various ways. China overtly applies diplomatic bullying, economic coercion and military sabre-rattling to pursue its aims, and seeks to build open but often unequal friendships with foreign political and business elites. At the same time, China has exploited a wide range of clandestine and covert methods too, including commercial espionage on a massive scale, harassment of critics living overseas and ambitious offensive cyber effects operations. It has also striven to shape Western and international opinion covertly through online information operations and manipulation of its “friends” in Western politics and business.

At the core of the Chinese effort are its state intelligence agencies and CCP departments such as the United Front Work Department (UFWD). China increasingly relies on technology to provide a deniable long-range capability to pursue these clandestine and covert activities, although it continues to combine technological and human intelligence resources. Indeed, China has sought to take a “whole-of-society” approach to clandestine activities, calling on private businesses, civil society and its global diaspora to further the CCP’s goals.

The research finds that China is cautious in its application of state threats, placing great emphasis on maintaining its global reputation, especially with potential economic partners in Europe and the developing world; China is far from eager to be perceived as a destabilising force. Its most severe actions are reserved for Chinese dissidents, ethnic separatists and the island of Taiwan, which China regards as a wayward province. However, China has become noticeably more aggressive towards those beyond its core target group in the past decade, including the US and its allies.

Long-term concerns about regime security drive some of China’s behaviour, but the CCP also has broader ambitions to overtake the US as the world’s leading power and to reshape the rules-based international order to suit its interests. The pursuit of these goals has been enabled and accelerated by China’s remarkable economic growth over the past two decades, and the rise to power of the bellicose and strongly nationalist President Xi Jinping in 2012. The use of state threats – rather than military action – to achieve Chinese objectives reflects the CCP’s preference for stability, awareness of its vulnerabilities and historic traditions in Chinese strategic thinking. China would rather achieve its aims while avoiding a costly and dangerous military conflict.

The research finds that the effectiveness of China’s state threats campaign has been mixed, with some major successes in commercial espionage and cyber penetrations, but less obvious progress in subversive information and influence operations. However, the research emphasises that the CCP takes a long-term perspective, assessing that China’s use of hostile acts will not recede soon, and will potentially become more effective in certain areas such as cyber espionage, effects and information operations, considering its growing prowess in generative artificial intelligence. However, the research also notes that of the four main revisionist powers, China is the most cautious in its use of hostile measures and has not, as yet, used the full force of its capabilities against the West. Whether it does so will rest on several variables, including Western attitudes towards the status of Taiwan, the mercurial behaviour of US President Donald Trump, and possible European attempts to find a “balance” between the US and China.

Background

According to UK officials, state-linked hostile activity against UK interests has risen dramatically over the past decade. In March 2023, the assistant commissioner of the Metropolitan Police, Matt Jukes, stated that his force’s casework on state-linked foreign interference and espionage had increased fourfold since March 2018, when Russian operatives attempted to poison former Russian intelligence officer Sergei Skripal in Salisbury. Western countries have described the challenge of state-linked hostile actions in various ways, with the UK choosing the term “state threats”.

In response to the growing policy importance of state threats and a limited body of research on the issue, the Serious Organised Crime & Anti-Corruption Evidence (SOC ACE) research programme worked with the Royal United Services Institute to convene the State Threats Taskforce (STT) in 2023. The STT, which comprised former practitioners and experts from Europe and Five Eyes countries, sought to scope the threat landscape, and current and potential policy responses.

As a result of the gaps in understanding that were identified, a further project followed the STT that explored and assessed the scale, scope and character of contemporary state threats facing the UK and its allies. The project drew on academic and policy literature, publicly available official documents and credible media reports published in English over the previous decade, supplemented by 50 semi-structured interviews with academic experts, researchers, journalists, current and former government officials and practitioners in North America, Europe and the Asia-Pacific region. Its findings were published in January 2025 in the SOC ACE Research Paper Old Wine, New Bottles? The Challenge of State Threats.

A fundamental part of the research involved developing a new working definition of state threats. This definition stipulated that state threats were hostile acts initiated or encouraged by a state actor and executed by either a state or non-state actor. These acts should fall short of war, distort and subvert peacetime international rules and norms, and be underhanded, covert, deceptive, corrupt, illegal or coercive. They should also have a demonstrably negative political intent. Using this framework, the research identified various examples of overt, but mostly clandestine and covert, activities against Western and other states over the previous decade, which had emanated from four main states with revisionist agendas in international politics: Russia, Iran, North Korea and China.

Of these four, China is the most politically and economically powerful state and, despite security concerns most loudly proclaimed by the US, one with which many Western states in the Asia-Pacific region and Europe have sought to retain economic relations. However, these states’ intentions have been tested by clashes with Beijing over China’s human rights record, its trade practices, its secretiveness over the origins of the Covid-19 pandemic and its support for Russia during the full-scale invasion of Ukraine. They have also been tested by China’s clandestine and covert activities, not least of which have been increasingly aggressive online cyber operations in recent years. This briefing note thus seeks to examine China’s hostile activities separately from those of the other revisionist states, identifying distinctive patterns of behaviour that might be seen as the “signature” of contemporary Chinese practice.

Key findings

Confronting Chinese state threats

From its inception in 1949, the People’s Republic of China engaged in clandestine and covert activities overseas, although its secret operations during the Cold War and its aftermath seem to have been relatively modest (and amateurish) compared with those of the Soviet Union or its successor state, Russia. One such easily disrupted operation, dubbed “Chinagate” by US media, was an attempt by the Chinese Embassy in Washington, DC, to channel funds to President Bill Clinton’s 1996 re-election campaign through intermediaries. The US Department of Justice uncovered the operation, which was subsequently reported in The Washington Post.

In the past two decades, however, China has sought to overcome past embarrassments by establishing itself as a major force in the clandestine and covert spheres. China’s espionage campaign across various sectors of Western society has garnered significant official attention and has been presented to the public as a major threat. In 2020, Christopher Wray, the director of the US Federal Bureau of Investigation (FBI), noted that his agency was investigating more than 2,500 counterintelligence cases linked to China, accounting for over half of all the agency’s active cases of this type. In the UK, meanwhile, leaders of intelligence agencies have characterised Chinese efforts as “epic”, and an “epoch-defining challenge”. China’s targeting of overseas dissent and criticism has also intensified, as have its cyber effects operations and online information operations campaigns; and its malign influence campaigns against both its opponents in the Asia-Pacific region and, more broadly, in the West and developing world. Five Eyes and European intelligence agencies’ assessments’ have identified China, Russia and Iran as the three most persistent users of state threats. Of these, China is potentially the most dangerous; UK and US intelligence officials have likened Russian hostility to bouts of bad weather – unpleasant but tolerable – and Chinese hostility to climate change – more subtle and difficult to detect, but potentially posing an existential threat in the long term.

China’s promise

Nonetheless, while evidence of Chinese hostile activities has been growing, most Western political leaders, apart from those of the US, have taken time to acknowledge the threat, at least publicly. Indeed, many states in Europe and the Asia-Pacific region long turned a blind eye to Chinese overseas activities, despite the evidence, treating such behaviour as an aberration that could be ignored.

One reason for this apparent inattention has been the relative subtlety of Chinese behaviour in comparison to that of other revisionist states such as Russia and North Korea, a subject tackled below (see: “China’s strategic culture and state threats”). But Western countries have also had their own reasons for discounting China’s challenge. At first, the reason was relatively idealistic; following the Cold War, it was an article of faith in Western capitals that rapid economic and technological globalisation would fundamentally change the nature of international politics in a way that was favourable to democratic values. Despite retaining a communist regime alongside economic liberalisation, China was seen as an authoritarian state inching towards freedom. In March 2000, US President Bill Clinton eloquently expressed this view, as he welcomed the prospect of China’s accession to the World Trade Organization: “The more China liberalizes its economy, the more fully it will liberate the potential of the people”, he promised. As a result, Western leaders believed that they could – and indeed should – cultivate China because the expected future outcomes of peace and prosperity would outweigh any immediate concerns they had about illiberal or hostile Chinese conduct.

By the 2010s, however, it was apparent to Western observers that a liberal democratic China was unlikely to emerge anytime soon, with criticisms of the regime focusing on the Chinese communist Party (CCP)’s sharp economic practices and its domestic human rights record. If Western governments were much less idealistic about China, though, they were pragmatic about the need to retain good relations with a growing power with which their own economies were increasingly integrated. While economic ties did not prevent Western states from criticising China, their criticisms were carefully calibrated to express a Western liberal view on China without losing the CCP’s goodwill.

Disenchantment with China

Nevertheless, a greater Western willingness to view Chinese behaviour sceptically began to take shape in the early 2010s, firstly in the US. As the world’s two most economically, politically and militarily powerful states, the US and China participated in regular discussions about multiple topics. However, successive US administrations, starting with that led by President Barack Obama, found themselves increasingly at loggerheads with China in various areas such as trade, human rights, Iranian and North Korean nuclear proliferation, and climate change. President Obama and his successors also found themselves facing growing Chinese aggressiveness in the South China Sea and a burgeoning commercial cyber espionage campaign. Cumulatively, Chinese uncooperativeness became difficult to ignore. US anxieties rose further as the decade wore on, moreover, as the US became more concerned about China’s commercial penetration of 5G telecommunications infrastructures and its access to advanced chips used in new technologies such as artificial intelligence (AI). Despite China’s professions of amity, the US found it hard to square the realities of Chinese behaviour with the common meaning of Chinese diplomatic language.

US allies did not immediately follow the change in posture of the US towards China, however. In European countries, governments continued to prioritise economic ties over growing concerns about China’s domestic and international conduct, only really beginning to reconsider their thinking about the relative importance of prosperity and security towards the end of the decade. The influences behind the shift were multiple. Not least among them was growing pressure from the US to take the threat China posed seriously, especially with regard to its potential penetration of Western businesses, critical national infrastructure and scientific research. Western governments beyond the US also found it increasingly difficult to downplay the bellicose, nationalistic and anti-Western rhetoric of President Xi Jinping and China’s intimidatory tactics towards its neighbours, including Taiwan and the Philippines. Two major events in the early 2020s fostered the most fears and suspicions about China. The first was Covid-19, which both highlighted Western vulnerability to Chinese supply chains, and the CCP’s secrecy and evasiveness when the international community began to investigate the pandemic’s origins. The second event – in many ways more of a process – was China’s support for Russia following the full-scale invasion of Ukraine in February 2022. While an explicit Chinese endorsement of the invasion has never been made, China’s extensive economic and diplomatic support for Russia over the three years of the conflict have sent a clear message to the West of where China’s sympathies lie, raising fears about the role China might play as the lynchpin in an evolving anti-Western axis of the revisionist states. Such anxieties were heightened further by mounting evidence of extensive Chinese espionage and increasingly aggressive cyber effects operations.

Still, it is important to recognise that while there has been a broad change of attitude towards China in many Western states in the past three to five years, its permanence and depth are difficult to assess. Even in the face of Chinese support for Russia, leaders in Europe and the Asia-Pacific region have been guarded in their criticism of Beijing and sought to sustain dialogue, despite tensions. It is perhaps too much to say, therefore, that there has been a total change of heart about China among all the US’s allies – or at least one comparable to how many of them feel about Russia under President Vladimir Putin. Indeed, some voices in Western media have asked whether China might not capitalise on the abrasiveness of the US administration under President Donald Trump towards erstwhile allies over trade to in some way “split” the Western alliance. This remains to be seen, although it appears unlikely that Western states would distance themselves from the US over its perceived bullying, only to align with an authoritarian state with a long-term reputation for the same behaviour. Even if differences between the US and other Western countries were to deepen over trade and the status of Ukraine, it remains hard to believe that the wider West would revert to an older posture towards China, unless, of course, China’s behaviour were to become less troubling overall.

Mapping China’s state threats

China’s hostile behaviour, as the research shows, consists of a wide array of overt and covert hostile actions that would be difficult to cover in depth in a briefing. The following sections aim, therefore, to provide a representative sample rather than an exhaustive analysis of China’s primary areas of hostile activity.

Overt activities

Much of China’s aggressiveness has not been confined to the shadows. At the most basic level, China has pushed the limits of reasonable diplomatic discourse with its infamous “wolf warrior diplomacy”, combining performative public anger and threats of terrible consequences for going against China’s will. As Gui Congyou, the Chinese ambassador to Sweden, warned in November 2019: “We treat our friends with fine wine, but for our enemies we got shotguns”. Alongside gangster-style diplomacy, China has also been willing to indulge in what Russia expert Mark Galeotti describes in the Russian context as “heavy metal diplomacy”, referring to the use of military assets to push the boundaries of acceptable international behaviour and test the reactions of potential opponents. Examples include reckless manoeuvres by the Chinese People’s Liberation Army (PLA) in the air and at sea, leading to near misses with US and allied jets and warships, and regular live-fire exercises, often off the Taiwanese coast, but also recently near Australia in March 2025. China has also prompted ongoing clashes with its neighbours in the South and East China Seas, using its Maritime Militia – technically part of the Chinese military, but often supported by civilian craft and crew – to harass neighbouring countries’ military and civilian vessels, while also building new “islets” to provide justification for the shifting of international maritime boundaries. China has also been willing to exploit economic and financial relationships in overtly coercive ways against Western states. This technique has usually been applied indirectly through business interests, with China threatening Western companies’ access to the Chinese market unless their home governments tow the Chinese line on a given issue. A well-known example was the intense pressure Chinese officials placed on Börje Ekholm, chief executive of Swedish telecommunications giant Ericsson, to lobby the Swedish government in 2020 to drop a proposed public sector ban on Chinese technology firm Huawei.

In addition to targeting Western governments, China has also worked to suppress anti-CCP dissent and criticism overseas, described by Western governments and civil society groups as “transnational repression”. At an institutional level, Chinese diplomats have made coercive threats against Western universities that have provided platforms for critics of Chinese policy, such as pro-Tibetan or pro-Uyghur activists, particularly when those universities have significant financial and research ties to (and thus dependencies on) Chinese institutions. China has also sought to use “lawfare”, a term coined by former US Air Force General Charles Dunlap to denote “the use of law as a weapon of war”, to silence dissent. A consistent tactic of Chinese lawfare has been to charge dissident Chinese dual nationals with espionage or political offences when those individuals have come under Chinese jurisdiction, as illustrated by the ongoing case against Chinese writer Yang Hengjun, who was detained in Guangzhou in January 2019 while renewing his family’s visas. Another technique used against those more wary of putting themselves in harm’s way has been the issuance of Red Notices, which compel the 195 member law enforcement agencies of the Interpol international police network to issue warrants for the arrest of those named. Red Notices are intended to prevent suspected criminals from fleeing justice but have been misused by China to pursue the extradition of dissidents such as Dolkun Isa, the president of the World Uyghur Congress.

However, while China does not shy away from overtly aggressive behaviour, it combines it with seemingly more amicable approaches. China places particular emphasis on cultivating Western elites, especially sympathetic politicians, business leaders, journalists and cultural figures, in what China expert Elizabeth Economy describes as an attempt “to shape international actors’ political and economic choices”. China researcher Alexander Neill has characterised this process as a form of external “elite capture”, extending the meaning of a term drawn from development literature describing the control of resources and power by domestic elites. According to Mark Stokes and Russell Hsiao, experts on the PLA, China has a well-developed method for this kind of relationship building, identifying friends to be supported, enemies to be suppressed, and a middle constituency to be won over with travel to China, engagement with Chinese officials and offers of business opportunities. China’s globally dispersed expatriates and diaspora are meant to play a central role in these activities too, as unofficial Chinese ambassadors in their host countries, who, in the words of President Xi, must “tell the China story well”. However, they do not do so unsupervised. CCP bodies such as the United Front Work Department (UFWD) work through diaspora civil society and business groups to gain access both to current leaders and up-and-coming figures in Western politics, society and commerce. This process is not inherently nefarious, of course: friendship does not imply coercion. But as Alex Joske, a writer on Chinese intelligence, observes, the CCP’s approach of “making friends and watching what happens” has a harder and more transactional edge than many in the West understand. Rather than friendship as Westerners understand it, therefore, it resembles more a form of manipulation, where the Chinese “friend” establishes a credit balance of favours rendered, which can be drawn upon later. This exchange of favours need not be corrupt, of course, but it is susceptible to abuse, particularly if the favours requested cross into illicit territory.

Clandestine and covert activities

Such illicit territory is well known to China. As the research goes on to outline, China’s overt aggressiveness has also been combined with extensive activities in both the clandestine and covert fields. The area of Chinese secret operations that has generated the most attention in Western media so far has been China’s espionage campaign.

• Espionage

The research argues that the extent and scope of China’s contemporary spying are high by its own historic standards. A substantial portion of that effort has involved traditional espionage against state, political and military targets; according to a recent quantitative analysis of known Chinese espionage by Nicholas Eftiamides, an expert on Chinese intelligence, Taiwan remains China’s most important target by some distance. China has also taken an intense interest in the US and other Western countries, including traditional espionage targets such as militaries, intelligence agencies, government departments and legislatures. The main thrust of China’s effort in the West, though, has been against an array of non-traditional targets in commercial, scientific and educational spheres, areas that are, under most conventional Western interpretations, outside the boundaries of legitimate peacetime spying. China’s campaign of what might be called “knowledge espionage” has also been combined with a campaign of “societal espionage”, including the collection of vast amounts of sensitive information. For China, it seems that nobody is too unimportant to be spied upon.

Using Eftiamides’ figures, approximately 60% of Chinese intelligence cases identified worldwide have involved some economic, commercial or research-based dimension. The scale of this effort and its growth since 2010 have been astonishing: in 2020, Christopher Wray reported that the FBI had observed a 1,300% increase in Chinese economic espionage cases over the previous decade. Much of China’s intelligence work, both traditional and non-traditional, has been cyber enabled, allowing it to collect data on a vast scale. China’s penetration of the US government’s Office of Personnel Management (OPM) in 2015 enabled it to acquire the records of 22 million US officials, a feat followed by further actions such as the collection of 60,000 US Department of State emails in 2023 and the gathering of information on over 1 million US mobile phone users, reported in December 2024. Even where data are encrypted, China has hoovered up whatever is accessible, following what intelligence historian Calder Walton describes as a “collect now, decrypt later” strategy. China has also employed “website scraping” of social media platforms such as LinkedIn to amass vast amounts of open-source intelligence, identify potential contacts for cultivation, and surveil foreign officials and military personnel using platforms such as TikTok. Additionally, China has allegedly used the delivery of technological infrastructure and services to other countries to gather intelligence. In January 2018, for instance, French media reports suggested that China had leveraged direct access to the computer systems installed at the African Union (AU)’s headquarters in Addis Ababa by Chinese tech giant Huawei to collect the AU’s data from 2012 to 2017, something all the parties involved denied.

However, despite the growing importance of cyber as a tool of intelligence collection for China, it still derives ongoing value from human intelligence (HUMINT). Various recent scandals have emerged in European countries regarding the penetration of Chinese operatives into the staff of leading politicians, and China has been adept at developing contacts under the guise of seemingly innocent overt influence efforts, especially through members of Chinese diaspora communities with political links. HUMINT has played a significant role in China’s commercial collection efforts too, where joint ventures have enabled Chinese firms and their employees to obtain material from Western collaborators. Instances of alleged copyright infringement and intellectual property (IP) theft have resulted in multiple lawsuits against Chinese businesses filed by Western technology firms including Cisco, Fujitsu, Motorola, T-Mobile and Quintel, as well as biomedical giants such as Monsanto. Chinese government programmes such as its “Thousand Talents Plan” have also created further opportunities to cultivate and exploit Western academic researchers in cutting-edge scientific and technological research areas. In one notable case, Charles Lieber, a leading Harvard chemist, was convicted in April 2023 of lying to US investigators about his Chinese connections and for his failure to disclose payments exceeding US$1 million from Chinese institutions.

• Intimidation and repression

Alongside overt transnational repression, China has used covert means to target its opponents overseas. At its most general, this has entailed physical surveillance against possible dissent through the creation of “unofficial Chinese police stations” in various Western states that host Chinese diaspora communities. Chinese agencies have also directly interfered in the lives of Chinese nationals living overseas. Under Operation Foxhunt and Operation Skynet (launched in 2014 and 2015, respectively), Chinese operatives have been tasked with locating and persuading exiled Chinese, often former CCP officials, to return to China willingly. Where they do not, more extreme measures are used, including kidnapping. Such operations have been carried out worldwide, irrespective of whether China has extradition treaties with particular countries. According to estimates quoted by intelligence historian Calder Walton, in their first eight years of activity these programmes targeted more than 9,000 Chinese nationals living overseas. Although China has claimed that the programmes are purely focused on targeting corruption, it has used the same techniques to target political dissidents with spurious criminal charges too; in 2015, for example, Hong Kong bookseller and Swedish citizen Gui Minhai was kidnapped from Thailand, before later being put on trial in China and convicted for involvement in a historic fatal car accident.

As with espionage, cyber methods have played an important role in Chinese transnational repression. As early as 2009, Operation Aurora, undertaken by a cyber group linked to the PLA, hacked Google, Microsoft and 32 other firms to spy on the email accounts of Chinese dissidents. Throughout the Covid-19 pandemic, moreover, Chinese agencies used social media apps and online conferencing platforms such as Zoom to maintain coverage of interactions between those living in China and the Chinese diaspora. In one instance, a member of Zoom’s China-based research and development team was required to work with the Chinese Ministry of State Security (MSS) and the Ministry of Public Security (MPS) to identify and disrupt meetings in the US that China deemed subversive. China has also used modern technology to communicate threats overseas, using social media and instant messaging services such as WeChat to contact, threaten and intimidate Uyghur and Tibetan expatriates living in Western countries, either directly, or indirectly through family members still living in China, a technique known as “coercion by proxy”, primarily used to gain compliance from anti-regime individuals and groups based overseas. China experts Clive Hamilton and Marieke Ohlberg have noted various cases of this type, including that of Abdujelil Emet, a Uyghur dissident living in Germany, whose sister called him from Xinjiang, begging him to stop his activism, to protect her from state retribution.

• Sabotage and cyber effects operations

Besides targeting dissent, China is willing to disrupt and damage its opponents’ physical assets and systems too. Taiwan has been the main target of China’s attempts at physical sabotage, facing disruption of undersea communications cables connecting the island to global networks over many years. Although many of these incidents are due to wear and tear, accidents or earthquakes, researchers have noted a correlation between cable disruption incidents and the presence of Chinese cargo vessels in nearby waters. In the first two months of 2025, for example, Taiwan reported four cable disruptions (in the whole of 2024, there were three). In two of the cases, Chinese vessels flying African flags of convenience had been in the vicinity of the cables before the disruption occurred. Similar incidents have also been reported further afield. In November 2024, two telecommunications cables on the floor of the Baltic Sea were damaged within 24 hours of one another – one connecting Germany and Finland, the other linking Sweden and Lithuania. Chinese bulk carrier Yipeng 3 sailed over the cables around the time of their disruption. Chinese authorities denied any involvement and rejected Swedish prosecutors’ requests to board the vessel.

More common than physical sabotage is China’s expanding use of cyber effects operations, also known as offensive cyber operations or “cybotage”. Such operations can take various forms, ranging from inexpensive and straightforward methods, such as distributed denial-of-service attacks designed to overwhelm websites with traffic, to long-term systemic penetrations to insert malware. According to data from the Dyadic Cyber Incident Database (DCID), a database of inter-state cyber attacks covering events from 2000 to 2020, maintained by the Modern War Institute at West Point in the US, China has been the third most active state perpetrator of cyber operations aimed at disrupting and degrading its targets. However, the data also show that China’s primary cyber focus over the 20-year period was espionage rather than cyber effects, with DCID recording 79% of the former against 21% of the latter. Furthermore, when employing cyber as a tool of disruptive activity, China appears to have been among the most cautious of the revisionist states. Writing in the mid-2010s, political scientist Ron Deibert argued that Chinese actions in cyberspace had mainly been defensive, prioritising the establishment of the “Great Firewall of China” to prevent Chinese audiences from accessing subversive foreign content. Writing in the early 2020s, Lyu Jinghua, an expert on Chinese cyber strategy, emphasised that despite initial interest in the 2000s, Chinese military and intelligence agencies had not prioritised cyber effects operations after 2010 because of a perceived poor cost-benefit ratio.

However, despite cyber effects operations being a smaller proportion of the Chinese cyber campaign, the data also suggest they have increased since 2020, with much of this activity focused on Taiwan. China has also targeted regional rivals such as India, and become more aggressive towards the US and its Western allies. In January 2021, hackers linked to the MSS penetrated Microsoft Exchange Server’s email software, allowing other state and non-state actors to exploit the system’s vulnerability. According to Rachel Noble, the head of the Australian Signals Directorate intelligence agency, this was an unprecedented act in which China “crossed a line” by aiding and abetting criminals. Most worryingly, moreover, Chinese state-linked advanced persistent threats (APTs) such as Volt Typhoon have also used their penetrations not just to spy but to deploy malicious code in Western infrastructure, including energy, utilities and transportation systems. While this code has not been used to cause disruption as yet, its introduction bespeaks a new level of Chinese cyber aggressiveness and points to greater dangers in the future. As a US government advisory on Volt Typhoon issued in February 2024 suggested, the group’s targeting of US critical national infrastructure in locations such as the island of Guam – an essential base for US military operations in the Asia-Pacific region – was “not consistent with traditional cyber espionage or intelligence gathering operations”, but rather for “disruptive effects in the event of potential geopolitical tensions and/or military conflicts”. What might not be dangerous now may yet be catastrophic later.

• Information operations

In the past two decades, China has also become an active player in information operations, aiming to shape public opinion or segments and potentially change audience behaviour. Although information operations can be attributable, they can also be covert, seeking to hide or misrepresent their source. Covert information operations commonly use disinformation, which is knowingly false material; misinformation, which is disinformation unwittingly recycled by others; or malinformation, which is truthful material that its creator did not wish to be openly available. The basic techniques used in information operations are fundamentally the same now as they have been throughout history. Operatives typically seed information into public discourse through witting or unwitting contacts in news media, academia, culture and so forth, at which point they direct, encourage or enable it to be recycled and laundered through various media channels and social networks. Despite their long history, the development of new media and new communications technologies has dramatically amplified the scale, reach and speed of information operations. The development of the online world, has provided cover for malign actors, both state and non-state, to deploy fake experts, journalists, think tanks, non-governmental organisations and media outlets to seed fake or sensitive information anonymously. Social media has further provided an enabling environment in which such information can be shared and recycled rapidly by “troll factories” of real individuals and automated “bots”, as well as by unwitting online audiences.

China’s long-term core approach to online information operations has been to promote a positive image of China. According to China specialist Anne-Marie Brady, China’s information operations have focused on two main audiences – diaspora Chinese and foreigners – among which the regime seeks to raise China and the CCP’s profiles as effective and benevolent forces. However, as Brady notes, this nuanced approach has a flip side, with China also seeking to undermine and marginalise anti-CCP opinions online. In particular, China takes an aggressive posture towards pro-independence and pro-US narratives in Taiwan, which has hardened further in recent years. According to analysis conducted by Taiwanese think-tank IORG, Chinese-language media and social media content between 2021 and 2023 promoted 84 types of anti-US narratives, which included claims of poisonous US pork imports into Taiwan and the US’s secret harvesting of Taiwanese blood to make a bioweapon to attack China. During the Taiwanese presidential election of January 2024, there were also indications that a state-linked Chinese cyber group known as Spamouflage was behind an AI-generated video showing Taiwanese news anchors making false allegations about the outgoing president, which Microsoft Threat Intelligence, a community of cyber experts and researchers monitoring online threats, assessed to be the first known case of state-backed AI disinformation in an election.

Additionally, outside observers suggest that China’s aggressive and divisive information tactics may be spreading beyond Taiwan. With the start of the pandemic in 2020, China followed Russia’s lead in spreading disinformation about the origins of the Covid-19 virus, suggesting that it had emanated from a US biological warfare facility. China also pushed the narrative that Western governments had failed to handle the crisis as effectively as China. According to US civil society organisation the Alliance for Securing Democracy, Chinese government-linked Twitter accounts posted around 90,000 tweets spreading disinformation on Covid-19 in April and May 2020 alone. Since the pandemic, China has also become readier to repeat and recycle the anti-Western narratives of states such as Russia and Iran, “demonstrating growing convergence between their ideologies and information strategies”, in the words of China expert Bethany Allen. These narratives are a far cry from the pro-China messages of a decade ago, moreover, and appear more targeted at exacerbating social divisions over issues such as gun control and racial inequality in the US.

• Malign influence

China is also a sophisticated user of malign influence, aiming to covertly shape the views and decisions of targeted elites in ways that favour its interests. It can be challenging to draw a clear line between legitimate and illegitimate forms of influence, as seemingly benign relationships can be negatively repurposed as circumstances or intentions shift. Accepting this ambiguity, the research sees “malign influence” occurring where one party in a relationship conceals their allegiance or agenda or employs underhand methods to achieve their goals. In contrast, “benign” influence occurs between openly identified partners who conduct their relationships without covert manipulation.

Chinese malign influence operations employ many of the same techniques as Chinese espionage; indeed, these activities are closely interconnected. Chinese intelligence operatives, posing as businesspeople, journalists, students and academics, use the UFWD and other CCP covers to exploit relationships with influential members of civil society within the Chinese diaspora across Europe, North America and the Asia-Pacific region. These connections are then leveraged to access the political and business elites of the diaspora’s home countries, often beginning with seemingly innocent interactions with emerging figures. They may evolve into covert, illicit relationships by sharing financial and other favours.

The US has been a significant target of such operations. A prominent case publicly revealed in 2020 involved China’s targeting of Eric Swalwell, a politician from California who became a member of the US House of Representatives in 2013. In the early 2010s, before his election to Congress, Swalwell was among several rising Californian politicians cultivated and befriended by Chinese national and student political activist Christine Fang. Unbeknownst to Swalwell, Fang was suspected by US authorities of being a Chinese intelligence operative. Swalwell severed his ties with Fang after receiving a briefing from the Central Intelligence Agency in 2015. However, the US is not the only Western country to be targeted in this way; in recent years, Chinese intelligence’s interest in Five Eyes and European countries has also been apparent. In December 2022, according to media reports, Canadian Prime Minister Pierre Trudeau was briefed by the Canadian Security Intelligence Service that the Chinese consulate in Toronto had provided covert support to 11 candidates in an effort to influence the federal election of 2019. In January 2022, MI5, the UK’s internal security agency, alleged that Christine Lee, a solicitor active in the UK’s Chinese diaspora community, was a willing asset of UFWD efforts to influence members of the UK Parliament through donations. Recent alleged Chinese espionage cases in Europe have also displayed a possible malign influence dimension. For example, in December 2023, an investigation by various European media outlets revealed the apparent collaboration of Belgian politician Frank Creyelman with an MSS operative who sought to sway political discussions on issues such as Taiwan, Hong Kong and the Uyghurs. In this and other similar cases, it has been notable that Chinese operatives have focused on more junior or marginal politicians who are likely to have access to senior figures and officials, but who attract less scrutiny from the media, intelligence agencies or law enforcement.

Initiation of Chinese state threats

Identifying the initiating source of clandestine and covert activities in China is inherently challenging, given the largely covert nature of these actions and the opacity of the regime. China has historically been recognised as having a heavily bureaucratic decision-making structure, with the collective CCP leadership transmitting directives through parallel yet integrated state and party systems. This suggests that the hostile activities emanating from the regime are being driven from above, overseen, guided and managed through existing institutional structures such as China’s intelligence agencies and CCP bodies. Indeed, the vastness of these operations points towards China’s relatively regimented approach.

Of course, with a state and party apparatus as large and complex as China’s, diversity and irregularity will occur. Various parts of the apparatus can have significant operational autonomy in achieving state and party priorities, creating the potential for duplicative or contradictory efforts. This complex situation can be further complicated by the independent actions of some officials who pursue their own paths, whether following personal agendas or seeking self-enrichment. Despite the CCP’s dominant position, tension has long existed among various state and party structures, magnified by a tendency for new party-linked groups and bodies to proliferate. Indeed, in the 2000s, external observers noted that the rapid emergence of Chinese foreign policy actors resulted in an increasingly divergent Chinese approach to the outside world. In the world of clandestine and covert activity, China’s current emphasis on a “whole-of-society approach” to intelligence collection (of which more below) also lends itself to potential freelance activity.

However, as the research argues, there is no sense in which Chinese operations result from policy chaos. Unlike Russia, which has a significant class of entrepreneurial “adhocrats” who have some licence to act on behalf of the Putin regime, China remains a tightly controlled state, and this top-down control has intensified since the rise of President Xi. The goals and character of the regime increasingly reflect his nationalistic and assertive temperament, with officials expected to adhere to “Xi Thought”, as his ideas are described by China scholars Steve Tsang and Olivia Cheung. Moreover, Xi has taken decisive and ruthless actions to ensure compliance with his expectations, dismissing senior figures for opposition, failure and corruption, and replacing them with his acolytes. It would be inaccurate to view Xi as a “puppet master” behind the actions of Chinese state threats: such a role would be beyond any individual. Nonetheless, his dominant position in the Chinese political system suggests that the country’s hostile activities are likely to mirror his preferences.

Execution of Chinese state threats

Considering the centrality of the state as an initiator of state threats in China, it is perhaps unsurprising that state institutions and the CCP are also at the heart of executing clandestine and covert activities overseas.

State operatives

Most important are China’s intelligence services, which comprise the MSS, the country’s civilian intelligence service founded in 1983, and the intelligence capabilities of the PLA, which now sit under the Central Military Commission Joint Staff Department, Intelligence Bureau. Both the MSS and the PLA are tasked with overseas collection of intelligence and various covert activities, with the MSS focusing more on politics and government, and the PLA on military-related issues. The MSS also works alongside the MPS to identify and repatriate individuals targeted by Operation Foxhunt. In addition, the agencies of China’s Special Administrative Region of Hong Kong may now be operating as arms of Chinese overseas intelligence, as suggested by a recent espionage case in the UK, where three individuals were charged with offences conducted on behalf of Hong Kong intelligence in May 2024. As is common for intelligence agencies, Chinese state operatives work abroad under various covers, both official (for example, as diplomats or party officials) and unofficial (for example, as journalists or businesspeople).

Besides China’s intelligence agencies, other state bodies are also involved in clandestine and covert activities. China’s 150,000 state-owned enterprises (SOEs) are legally required to place China’s national and economic security over profit, and have close operational relationships with agencies such as the MSS. Key party organs are deeply integrated into overseas secret activities too, with the most important being the UFWD, which is charged with “managing” China’s relations with the diaspora, co-opting foreigners to support China’s policies, and suppressing overseas criticism of the China and the CCP. As Allen notes, despite its political role, the UFWD operates like an intelligence agency, often working overseas alongside or competing with MSS or PLA representatives: “party cadres who hold an official position in the United Front Work Department may ‘double-hat’ as … diplomats posted to Chinese embassies abroad who also hold publicly undisclosed positions in the department”. Although the UFWD has intelligence collection responsibilities, it is most closely associated with Chinese malign influence operations.

Non-state actors

As noted above, China takes a whole-of-society approach to intelligence. Under various intelligence laws passed since 2014, Chinese actors in the private sector and civil society are mandated to actively support state intelligence activities. However, as the laws also indicate, non-state actors in China must follow the requirements of the state and party. While the relationship between the Chinese state and non-state actors can be complex (non-state actors invariably have their own interests and agendas), the discipline exerted from above is strong.

• Businesses and tycoons

Private Chinese businesses are an invaluable part of the China’s commercial espionage campaign, both useful as cover for state operatives and as stand-alone clandestine actors in their own right. In the assessment of Murray Scot Tanner, an expert on Chinese law enforcement, Chinese national intelligence laws have created “affirmative legal responsibilities for Chinese and, in some cases, foreign citizens, companies, or organizations operating in China to provide access, cooperation, or support for Beijing’s intelligence-gathering activities”. According to Eftiamides, private enterprises were responsible for 53% of known cases of Chinese commercial espionage up to December 2024, well ahead of SOEs at 23% and the MSS at 11%. Eftiamides estimates that in just under a third of the cases involving business, private actors were likely to be acting on behalf of a government agency, an SOE or a Chinese university, and 22% on their own behalf. If recent media reporting is credible, the private sector’s role is becoming especially prominent in cyber-enabled espionage and effects operations; in March 2025, the US Department of Justice charged 12 contract hackers from i-Soon, a private firm based in the Chinese technology hub of Chengdu, with various cyber violations against US and Asian targets that were directed by Chinese officials and undertaken on the hackers’ own initiative. According to The Economist, firms such as i-Soon have proliferated recently, providing the MSS with a “corporate hinterland for … tools and infrastructure to enable attacks.”

Separately, Chinese business leaders, often called “tycoons” rather than the more Russian “oligarchs”, are also expected to act as Chinese agents of influence overseas. Guo Wengui, a Chinese real estate billionaire convicted of financial crime charges in the US in July 2024, admitted that before a public turn against the CCP, he had worked for the MSS, including building connections with “sensitive figures” overseas. Hamilton and Ohlberg argue that such arrangements are prevalent among the Chinese business class, where “loyalty to the Party is a condition of doing business”. They also have a long history. Canada’s Operation Sidewinder, an investigation conducted by the Royal Canadian Mounted Police and the Canadian Security Intelligence Service in the 1990s, uncovered extensive cooperation among tycoons of Chinese heritage, Chinese organised crime groups (OCGs), commonly referred to as “Triads”, and Chinese intelligence officers in money laundering and political influence operations in Vancouver. More recent cases have suggested similar patterns in other Western countries. In November 2017, media reports alleged a close financial relationship between Chinese billionaire Huang Xiangmo, who reportedly has ties to the CCP, and Australian Senator Sam Dastyari. Dastyari also allegedly adopted a sympathetic stance towards Chinese territorial claims in the South and East China Seas, counter to his own Labor Party’s position, and warned Huang about potential technical surveillance of his phone. Although Dastyari continues to deny any wrongdoing, he resigned from the Senate. Huang, who also denied any illegality, was denied re-entry to Australia in 2019.

• The Chinese public and the diaspora

Beyond the elites, the Chinese authorities expect individuals at every level of domestic society to actively work with the intelligence services, both in counter-espionage activities within China and clandestine and covert activities overseas. For example, China has used its so-called “Fifty-Cent army” – a cadre of supposedly private citizens (but who are also often government employees) paid to spread propaganda and disinformation online – to support internet trolling in the state’s campaigns against dissent and anti-CCP narratives. Estimates suggest that these individuals produce around 450 million social media posts annually, although most posts appear to be for domestic consumption. China has also looked to its domestic base for support in identifying opportunities for overseas espionage or interference, mainly in the cyber sphere, where Chinese citizens must provide the government with “zero-day exploits” – software vulnerabilities that are unknown to systems’ owners, which can be used to enter and manipulate systems – they identify in foreign software. Young hackers are also incentivised to actively hunt out such vulnerabilities at MSS- and MPS-sponsored “hackathons” such as the Tianfu and Wandung Cups. The vulnerabilities are then gathered for potential state use, and highly talented hackers are targeted for potential state agency recruitment.

Chinese nationals who travel or live beyond China – most often businesspeople, academics and students – are expected to act as informal ambassadors for the China and, in President Xi’s words, as its “eyes and ears”, too. An FBI investigation in 2020 identified, for example, several Chinese academic researchers with visas to work in the US, apparently unaffiliated to the Chinese state, who were, in fact, linked to the PLA and tasked with collecting material on medical research and software development. Six of these individuals were arrested in the summer of 2020, but more than 1,000 other Chinese researchers unexpectedly left the US in the immediate aftermath of the arrests. China’s espionage campaign is also highly likely to have exploited the significant inflow of Chinese students into Western universities, using some ordinary students for low-level intelligence collection and monitoring of dissent within the Chinese student body. In addition, Chinese-sponsored educational institutions in Western universities, such as Confucius Institutes, intended to share the Chinese language and culture, may also have been used as hubs for UFWD-backed intimidation and subversion on campuses.

Alongside its temporary overseas population, China seeks active support from its long-term diaspora of around 60 million people. As former British diplomat Charles Parton observed in an interview for the research, “the Chinese diaspora is vast [and] increasingly influential, and much of it has no choice but to cooperate with the CCP, given relatives and other ties back in China”. Some members of these communities retain Chinese nationality, making them subject to Chinese jurisdiction under the Chinese Nationality Law. However, Xi has expressed his personal view that all Chinese, including those of purely Chinese heritage, “must always put the fatherland and the [Chinese] people in … [their] heart … [and] be a defender and evangelist of patriotism”. At the softer end of the spectrum of activities, members of the diaspora are expected to engage in China-friendly Chinese civil society organisations, which serve as channels by which Chinese intelligence agencies and party entities such as the UFWD can collect intelligence, promote narratives of China’s “peaceful rise”, and influence political processes in targeted countries. Hamilton and Ohlberg report that since 2010, the CCP has increasingly encouraged party groups involved in such “united front” work to “build ethnic Chinese-based political organisations, make political donations, support ethnic Chinese politicians, and sway votes to impact closely contested elections”; they state that such activities have progressed rapidly in Australia, Canada, France, Germany and New Zealand. At the same time, some members of the civilian diaspora have also engaged in repressive activities in collaboration with the Chinese authorities, ranging from basic monitoring of dissidents to more direct interference in others’ lives. In a case from March 2025, for example, Quanzhong An, a Chinese businessman and reportedly an influential figure in the Chinese American community in New York, was sentenced to 20 months in prison for serving as an unregistered foreign agent of China involved in a scheme to repatriate a US resident to China through coercion as part of Operation Foxhunt. Although such extreme instances appear to be relatively rare, they also indicate Chinese authorities’ readiness to call on members of their diaspora to undertake more dangerous and clearly illegal activities if necessary.

• Organised crime and cybercriminals

Finally, Chinese authorities have also worked with Triads. These groups have a significant presence in China’s highly populated coastal areas – especially Hong Kong – and in the diaspora communities of South-East Asia and the West. As suggested by the findings of Operation Sidewinder in Canada, “patriotic” Triads have probably collaborated with party and intelligence operatives and corrupt individuals in the diaspora in efforts to influence foreign politicians, officials and businesspeople. Chinese OCGs have also been engaged in support of more forceful covert activities overseas. Recent investigative journalism has suggested that Chinese criminals in Italy and Spain were involved in setting up secret Chinese police stations on behalf of the China and also played the role of local enforcers.

However, Chinese authorities’ operational relations with the Triads are relatively limited and most evident within or close to the Chinese homeland, where they have supported efforts by the authorities to quell dissent. In the 1980s, China’s leader Deng Xiaoping reportedly reached an accommodation with the Triads in Hong Kong to ensure stability during the territory’s handover from the UK in 1997, with cooperation continuing after the transition. There have been further allegations that Beijing authorities deployed Triad-led gangs to attack pro-democracy protesters in Hong Kong in 2014. Outside of China, however, the Chinese authorities have been content to allow Triad activity as long as it is not detrimental to Chinese interests. In South-East Asia, for example, China has increased anti-organised crime efforts against OCGs involved in cross-border fraud. But as South-East Asian expert Zachary Abuza notes, Chinese authorities have taken a “selective” approach, colloquially known as “kill[ing] the chicken to scare the monkeys”, where OCGs that have targeted Chinese nationals have been pursued, and those which have focused on foreign targets have not.

The Chinese state also appears to have a similarly nuanced relationship with cyber-crime groups and hackers. In contrast to Russia, China’s cyber operations appear to fall more closely under the control of state agencies. Nevertheless, there is still some blurring of lines. According to cyber intelligence firm Mandiant, some Chinese hackers may work for the state during “office hours” and then conduct other personal criminal interests after work. Intriguingly, APT 17 – believed to be run by the Jinan bureau of the MSS – uses the same cyber tradecraft as APT 41, which sells its skills for hire.

It seems a remarkable coincidence. In addition, China’s intelligence agencies have cultivated a network of what are often described as “patriotic hackers”, which they direct to attack targets on an ad hoc basis. Chinese state hackers have also occasionally appeared to create a permissive environment for cybercrime; when Chinese state hackers penetrated Microsoft Exchange Server system in March 2021, for example, they left an exposed vulnerability in the system, which cyber-criminals immediately took advantage of to steal data for illicit use. Although the state hackers’ incompetence is a potential explanation, it again seems unlikely, and the swift reaction of cyber-criminals to the breach suggests either the state hackers choreographed or provided advance notice of the attack.

• Foreign non-state actors

Overall, China appears to make relatively limited use of non-state actors that do not have obvious cultural or ethnic links to the country; in espionage, for example, Chinese intelligence sources appear to be overwhelmingly of Chinese heritage. Yet, non-Chinese heritage individuals do occasionally play supporting parts in China’s activities, sometimes as witting sources in cases of espionage, such as two former French intelligence officers imprisoned for espionage offences in 2020, including passing secrets to the MSS, or as hired “muscle” in cases of coerced repatriation. Foreign lobbyists also appear to play an important role in Chinese influence operations; for example, according to figures collected from 2016 to 2024, Chinese actors have spent more than those of any other country on registered foreign lobbying in the US. Although these instances are legitimate under the US Foreign Agents Registration Act (FARA), separate reporting suggests that China uses unregistered agents too. Gal Luft, a dual US-Israeli citizen and joint head of a Maryland-based think-tank, is alleged to have acted as an unregistered agent of the Chinese government in violation of FARA, along with other offences. After absconding from bail following his arrest in Cyprus in 2023, Cypriot authorities detained Luft again in September 2024.

Chinese cooperation with other revisionist states

The research also notes the relatively limited operational clandestine and covert links that have so far developed between China and the other main revisionist states of Russia, Iran and North Korea. In some areas, overt cooperation has been apparent. In a strategic sense, the current dynamic between the four perhaps favours closer ties and cooperation, as they all share common concerns about the fragility of their regimes and a desire to pursue national agendas contrary to the Western concept of the rules-based order. Certainly, China has made overt signs of support for both Russia and Iran, strengthening its political and economic ties with both regimes despite the war in Ukraine and Iran’s backing for terrorist groups such as Hamas and Hezbollah and despite Western sanctions against both countries and terrorist groups. China has also apparently allowed major trading entrepots with existing Western commercial links – Hong Kong in particular – to become permissive environments for sanctions evasion; and with Russian support, it has obstructed the implementation of sanctions against North Korea at the UN Security Council. Studies of sanctions evasion by North Korea have found, moreover, that many of its overseas operations have been conducted with the help of foreign individuals and foreign front companies, including those with Chinese links. However, accepting that insights into secret activities are hard to obtain, there are few indications of China working with other revisionist states except in information operations, where, as previously noted, China has consistently recycled and repeated narratives from Russia and others since the Covid-19 pandemic. Nonetheless, this appears more like loose collaboration than systematic cooperation.

China has understandable and practical reasons for holding other revisionist states at arm’s length regarding its secret activities. Even good inter-state relationships do not necessarily lead to sharing intelligence or capabilities; as cyber expert Max Smeets argues with regard to cyber tools, the incentives to transfer will vary, depending on various contextual factors. A state is assured that its knowledge or expertise will not be compromised, passed on secretly to adversaries or potentially used against it in the future if relations sour. Arrangements such as Five Eyes are extremely rare, and depend on trust grounded in shared history, culture and values. These are not things that China and the other revisionist states can call on. Beyond their mutual aversion to the Western rules-based approach to international affairs and their authoritarian governance, there are deep historic, cultural and ideological cleavages that are likely to prevent significant cooperation between the revisionists across the most sensitive areas of activity.

China’s strategic culture and state threats

The research argues that China has developed a distinctive strategic culture in state threats, shaped by its unique history, culture, politics and geopolitical conditions. That culture is nuanced, calibrated and selectively aggressive; in the words of Economy, an “Iron Fist in a Velvet Glove”.

Methods

Online activity and cyber tools play increasingly important roles across all Chinese secret activities. Social media platforms have become a core part of the Chinese methodology for identifying, recruiting and handling foreign sources, and in combination with instant messaging services, conducting overseas monitoring, surveillance and harassment of dissent. Cyber incursions are also an essential element within China’s effort to collect intelligence quickly and on a massive scale, and to undertake preparations for potential future cybotage. There is also evidence that China has been deploying generative AI tools to support its online disinformation efforts.

Although China seems to have a growing preference for virtual and technological means where possible in its secret statecraft, human assets are not absent and remain vital to the conduct of intelligence collection, transnational repression, cyber effects operations, and a variety of information and malign influence operations. There are many dimensions of covert activity that new technologies have not yet mastered, from kidnapping high-value targets to cultivating agents of influence in political and business elites. As Eftiamides has described, much Chinese secret activity remains “HUMINT enabled cyber espionage”, rather than cyber espionage per se.

Indeed, China’s previously mentioned whole-of-society approach underlines the ongoing value China places on human assets. The legal mandates that place Chinese businesses, organisations and individuals at the service of state intelligence activities are far from being purely words on the statute book; the Chinese authorities expect genuine cooperation from all parts of Chinese society. As Western observers have noted, China has a “thousand grains of sand” approach to intelligence collection, which China expert Alex Joske has described as being like “a stream of tourists … [going] to the beach in broad daylight, each picking up a single grain”, which they then return to the Chinese authorities to be “analysed and aggregated to form a brilliant picture”. Some Western observers, including Joske, have questioned how much the thousand grains theory might overstate the informal nature of Chinese efforts, noting that an official hand might not always be visible, despite being present. Nevertheless, as Eftiamides has pointed out, the cases of Chinese espionage where professional tradecraft is on display make up a relatively small proportion of the whole, suggesting that, however important state operatives remain, societal assets enable the scale of Chinese efforts.

Style and characteristics

The research finds that China applies its methods and techniques cautiously, usually calibrated to avoid interfering in other states’ affairs, to promote an image of China as a trustworthy global leader and international stabiliser; as Economy notes, China sees the wide acceptance of positive narratives about itself as a key tool in its campaign for global pre-eminence. According to Mao Zedong, the founder of the People’s Republic of China, a strong reputation, enhanced by “united front work”, was one of the CCP’s “magic weapons” to defeat its enemies. Unsurprisingly, therefore, the narrative of China’s “peaceful rise” has played a vital role in China’s efforts to convince Western governments that it is not a threat, but a friend.

Thus, China places great importance on employing tools and methods that seem to offer positive, legitimate benefits to targets, but also have what Allen describes as a potentially malign “dual function”. When more obviously hostile acts are used, moreover, China seeks to make them as low-key as possible to avoid looking like strategic threats. As soldier-scholar David Kilcullen describes, China often uses probes on a small scale across multiple areas, which poses “a bandwidth challenge” that tests “[a] rival’s capacity to cope”, rather than creating an intense, escalatory cycle. China also prefers an indirect approach to attack, avoiding frontal assaults on targets where they are strong, focusing instead on places where they are weak. In an interview for this research, Eftiamides alluded to the writings of Chinese military strategist Sun Tzu, noting that China’s preference has been to operate like “running water, flowing into the vulnerabilities and openings left by opponents”. This approach has been particularly important in espionage, where the Chinese have looked to exploit unguarded vulnerabilities that the West has seen as off-limits, such as the private sector, academia and civil society, or elements of Western governance that governments treat as less important to national security, such as state, provincial or local administrations. The Maoist guerilla technique of “using the local to surround the center”, (nongcun baowei chengshi) has been widely used in malign influence operations, where potential agents of political influence have been cultivated in local politics at an early stage of their career, laying the groundwork for future exploitation if their target reaches the national stage at some future point. The attempt to co-opt Eric Swalwell – luckily identified and disrupted before any harm could be done – is a significant case in point.

The Swalwell case also points to another aspect of the Chinese approach: patience. Collecting target states’ data on a grand scale – some of which is encrypted and thus not immediately exploitable – suggests a long-term perspective. China’s approach to cyber effects operations, which increasingly use “living off the land” techniques to hide within penetrated networks without detection for long periods, suggests a willingness to bide one’s time. China can be flexible too when it deems it advantageous. China expert Andrew Erickson notes that where resistance is weak, China will press its advantage; where resistance is strong, it will step back and bide its time or switch approach – if China has a timetable, it remains a loose one, and methods and routes of travel can vary, even if the intended objective remains the same.

China can make exceptions to this broadly subtle and nuanced approach, however. It can sometimes take off its “velvet glove”, particularly when it sees its core national interests at stake, especially regarding Taiwan. As noted above, Taiwan is the primary target of the largest single proportion of China’s overt and covert hostile activities. These are usually most intense around key political events in Taiwan; during the Taiwanese presidential election of January 2024, China subjected the island to a barrage of verbal threats, cyber-attacks, disinformation campaigns and offshore naval exercises. In contrast, much of China’s hostility towards Western countries has a performative feel, although Beijing can become aggressive when it believes its benevolence is being questioned. For example, Australia’s demand for an enquiry into the origins of the Covid-19 pandemic in April 2020 led China to impose heavy tariffs and trade restrictions on it. Concurrently, Australia was also subject to a series of unattributed cyber attacks on the public and private sectors, which the Australian government assessed to have been executed by a “sophisticated state-based cyber actor”, which external experts took to mean a Chinese group.

Areas of restraint

As this discussion suggests (with Taiwan put partially aside), China has largely avoided using kinetic or violent measures such as assassination, terrorism or physical sabotage. While increasingly intrusive, its cyber effects operations against the West have not sought to cause large-scale disruption, nor its information operations to cause significant social division. China has also eschewed extensive interference in Western elections, and direct meddling in the political arrangements of other countries. Although it may have had a hand in approving the removal of Zimbabwean leader Robert Mugabe by the Zimbabwean Defence Forces in November 2017, the evidence remains inconclusive and circumstantial.

Some US politicians have claimed, of course, that China has weaponised the trans-Pacific trade in opiate precursors, causing an epidemic of synthetic opiate addiction in North America. However, even if some intentional official Chinese negligence is probably involved – which might be calibrated according to the current state of political relations with the US – the growth of the precursor trade has probably been enabled by many other factors too, such as Chinese institutional incompetence, limited law enforcement resources and corruption, as well as the significant demand for opiates in North America itself.

Furthermore, it is important to note that China’s whole-of-society approach is largely focused on deploying licit rather than illicit actors; “patriotic” Triads and cyber-criminals are used on occasion, but much less widely than in Russia, where Western observers, such as the UK Parliament’s Intelligence and Security Committee, see a “symbiotic” relationship between the state and OCGs. Other non-state actors familiar in Russia, such as private military companies (PMCs), while present, have a much smaller role than comparable Russian organisations such as the Wagner Group and its successors. Chinese PMCs such as China Security & Protection Group, the Shandong Huawei Security Group and Genghis Security Services provide security for China’s Belt and Road Initiative, and have close links to the Chinese military and intelligence services. However, they do not appear to have been used at any great scale by the Chinese state to support clandestine or covert activities. China has avoided relationships with terrorist groups and insurgents too. Despite Indian government assertions that China has supported the Maoist Naxalite insurgency in the east of India since the 1960s, the evidence for the claim is thin.

Explaining Chinese hostility

The currently contentious relationship between China and the West, particularly the US, has prompted Western observers to ask what has led to a more antagonistic China. Some Western critics of China believe the shift is more apparent than real, following a period of false friendship that lulled Western powers into complacency. For these “China hawks”, Beijing has a long-term strategy aimed at world domination that has lasted since the birth of Communist China in 1949. More structurally minded observers have depicted the tensions as a natural outcome of a rising power (China) challenging an established hegemon (the US), while those with a personalist approach have pointed to the rise of President Xi in 2012 as the critical variable, whose more aggressive outlook and approach differ markedly from those of his immediate predecessors, Jiang Zemin and Hu Jintao.

These different perspectives offer valuable insights but are too simplistic to fully explain recent developments. Given the numerous vicissitudes and leadership purges the country has faced over the past 70 years, the idea that the Chinese leadership established and has adhered to a long-term plan devised in the 1940s is difficult to accept. So, too, is the notion that a clash with the West is unavoidable. As China expert T.V. Paul has pointed out, peaceful accommodations between great powers do occur. Nor can China’s current aggressiveness be wholly Xi’s doing. China remains a vast, bureaucratic party state. Xi is probably the most powerful Chinese leader since Deng Xiaoping or Mao, but China is not quite a one-man show yet.

As ever in such complex political situations, multiple factors are at play. Without accepting the premises behind phrases such as “long-term plan” or “inevitable clash”, it is hard to ignore the existence of inherent frictions in the relationship between Communist China and Western states, despite the several decades of apparent amity that followed US president Richard Nixon’s opening to China in 1972. Historic – and understandable – Chinese resentment towards the West has played a part. Chinese scholars and officials have pointed to China’s “century of humiliation” between the 1840s and 1940s, when Western countries actively meddled in China to pursue their interests. Communist China and the West have also held consistently different views about how the international system should work. In contrast to the liberal, rules-based vision of the US and its allies, China has favoured “hard” state sovereignty, which prioritises non-interference in other states’ affairs, and an international system that privileges the rights of a small number of “great powers” – among which China includes itself. In that regard, China has also looked to promote its sovereignty over Taiwan, its territorial claims in the South and East China Seas, and its right to a wider sphere of influence in East and South-East Asia. As China scholar Martin Jacques observed in the years before Xi’s rise, China’s foreign policy towards its home region was “tinged with the thinking of the tributary system”, pointing back to an era when China’s neighbours paid material tribute to its emperor. That thinking also implied that China expected one day to be a global power, reflecting the natural superiority of Chinese civilisation.

There is ample evidence of these core differences in perspective between China and the West dating back to the 1980s. Even Chinese leaders who were relatively well-disposed towards the West have been candid behind closed doors about adopting a gradualist approach to China’s ascent; as Deng told his colleagues, China must “hide its strength and bide its time”. Rather than simply cooperating with the West as many in the West assumed, China has, in the words of Kilcullen pursued a genuinely “twin-track” strategy that emphasises the notion of peaceful cooperation “while simultaneously advancing military modernisation and vigorously defending China’s national security interests and socialist ideology against Western encroachment”. Even during the eras of Jiang and Hu, China began to push back against Western criticism of its human rights record, and adopted a more assertive position on maritime border disputes in the South China Sea. As Jacques predicted, an increasingly powerful China was showing that it would not “always adjust to and adopt Western cultural norms”.

Some of China’s increasing assertiveness also reflected fear of, and pushback against, the West, justified or not. The student-led protests in Tiananmen Square in 1989 were a persistent reminder to the CCP of the potential attractiveness of liberal democratic ideas in Chinese society, later reinforced by democratic “colour revolutions” in authoritarian states of the former Soviet Union in the 2000s and the Arab uprisings of 2011. Such events caused particular anxiety to regimes such as China’s due to an inchoate fear that the West could use such revolts as grounds for providing material support to opposition groups. Strange though it might sound to Western ears, China was genuinely concerned by the West’s willingness to use force without UN backing, first to defend human rights in Kosovo in 1999, which led to the accidental bombing of the Chinese embassy in Belgrade by North Atlantic Treaty Organization (NATO) forces, and then ostensibly to tackle the proliferation of weapons of mass destruction in Iraq in 2003.

However, it is important not to overstate the role of such influences too much, as they have been operating for many decades without having a decisive effect on Chinese behaviour. More important have been changing structural power factors – what the research describes as “geopolitical climate change” – that have enabled and encouraged China’s leadership to take a more assertive stance. The fundamental enabler has been the shifting balance of global economic strength towards emerging economies, the most significant of which is China, the GDP of which grew from around US$1.2 trillion in 2000 to around US$14.9 trillion in 2020. In line with the logic of military historian Paul Kennedy, China’s political and military strength has also grown in the wake of its burgeoning economic might. As China and other emerging powers’ economic strength has waxed, moreover, that of the US and its allies has waned. According to some estimates, the BRICS (Brazil, Russia, India, China and South Africa) countries’ share of global gross domestic product passed that of the Group of Seven (G7) major Western economies (Canada, France, Germany, Italy, Japan, the UK and the US) in around 2020, with the BRICS representing 35.43% of world income in 2024, compared with the G7’s 29.64%. The global financial crisis of 2007-08 highlighted the weaknesses of the Western economic model, while the military and political failures of interventions in Afghanistan and Iraq suggested that the US and its allies could no longer impose their will on other states as they had done in the 1990s. The moral and ethical reputations of the US and other Western powers were also tarnished in these expeditionary wars, with claims of hypocrisy and deceit over the origins of the war in Iraq, as well as subsequent scandals about the use of torture, spying on allies and domestic surveillance. As US political scientist Alexander Cooley has argued, to many in the developing world, the West has appeared not only to be failing materially but morally, putting it in “normative retreat”, and making the authoritarian models of China and Russia more attractive by comparison.

However, even if structural influences have played a critical role in shaping the current situation, one cannot ignore the distinctive tone Xi has brought to the Chinese challenge. Ostensibly, much of Xi’s vision of what he has called his “China dream” has focused on economic growth and technological development. Programmes promoting innovation in manufacturing such as “Made in China 2025” look towards what Xi has described as a “modern socialist country” by the 100th anniversary of the Chinese Revolution in 2049. Many of Xi’s external policies have been primarily economic and collaborative, promoting the development of international trading infrastructure and financial investment through the Belt and Road Initiative and the Asian Infrastructure Investment Bank. As Xi told the CCP National Congress in October 2017: “The Chinese nation … has stood up, grown rich, and become strong. It will move toward center stage and make greater contributions for mankind”.

But while much of Xi’s language about “the construction of the common destiny of mankind” has sounded benevolent, his vision has had hard edges too. Xi has encouraged China’s economic development by fair means or foul, and the country’s massive commercial espionage campaign, while predating Xi’s leadership, has accelerated during it. At the same time, while seeking Western know-how, Xi has also sought to make China a more closed society. In a paper known as “Document No. 9”, circulated in April 2013 and subsequently leaked, the CCP’s Central Committee listed “false ideological trends” coming from the West that had to be combatted, including liberal democracy, universal values, civil society and Western-style journalism. Xi’s warm words to the world, have, moreover, translated into an approach that Tsang and Cheung describe as “self-centred, hierarchical, illiberal, and coercive”. As they note, Xi’s favoured term to describe his international vision – “common destiny” – has roots in the traditional Chinese idea of tianxia (meaning “all under heaven”), which places China at the centre of the international order, as a benevolent guide and judge over all. While the pre-Xi CCP seemed uninterested in promoting “socialism with Chinese Characteristics”, during the past decade it has energetically pushed the Chinese model of technological surveillance and social control in the developing world. Xi’s China has also taken a stronger line on dictating – and not just promoting – China’s role as an arbiter of all China-linked affairs on a global scale. Not only does Xi see China as having ultimate authority over all ethnic Chinese outside China, regardless of nationality, but also over how China is perceived and treated. As Allen notes, China increasingly assumes that “criticizing Chinese government behavior is always a violation of China’s sovereignty and, thus, a form of meddling in its domestic affairs”. Although critics note a fundamental contradiction in Xi’s stance – a state cannot logically promote sovereign equality while also seeking to control others – Xi and those around him see no contradiction. Because China believes itself to be benevolent and wise, it has concluded that the interests of other states must be the same as China’s.

Why state threats?

The research acknowledges that China’s overall “grand strategy” has various strands, including vast economic investments in the developing and developed worlds, diplomatic efforts to shape and create international institutions favourable to its goals, and a massive military build-up. However, China’s use of state threats has been a key part of the strategy, providing a hard edge to its statecraft that might otherwise come from military adventurism. A cost-benefit analysis suggests some basic reasons for China’s use of state threats over conventional war. If clandestine and covert operations fail, they are easier to abandon or deny than a military adventure, but if successful, they offer the potential to create a significant return on a small investment; for example, commercial espionage has been of obvious value to China in its attempt to catch up with and surpass US economic and military power, while covert activities such as cyber effects and information operations have offered relatively cheap ways to disrupt local opponents such as Taiwan and to signal political resistance to the West. State threats also play to China’s economic strengths; such tactics, subtle though they might be, could have a disproportionate impact on countries that are economically dependent on China. While these countries may dislike the experience of being bullied or manipulated, they are less likely to respond unfavourably if they feel their economic relationship with Beijing is at stake.

In contrast, despite its growing military strength, China can be far from certain about the outcome of any war with the US over Taiwan or in the South China Sea. Even a victory would be economically and politically costly, setting back the attainment of China’s overall objectives of economic prosperity and global leadership. At the same time, defeat would risk the collapse of the CCP regime. A war with the US would also risk a nuclear exchange, with potentially catastrophic consequences for both sides.

The use of state threats also dovetails neatly with China’s military tradition, going back to Sun Tzu’s The Art of War, through Mao’s writings on guerrilla warfare, to Liang and Xiangsui’s Unrestricted Warfare, and China’s official “Three Warfares” strategy of 2003, which highlighted psychology, public opinion and legality as central battlegrounds in war. Chinese strategic thought consistently stresses a cautious, incremental and roundabout approach to achieving victory, minimising costs, and encouraging opposing nations to undermine themselves from within – a technique known as wu wei. The Chinese military tradition has also probably helped shape the nature of state threats China has so far used, eschewing violent activities such as assassinations or terrorism as weapons of first resort because of their potential for counter-productive results. This has probably also shaped Beijing’s preference for licit over illicit non-state actors as partners and proxies; Beijing appears more focused on promoting order and empowering governments rather than on accelerating political entropy.

China’s performance and effectiveness

It is challenging for outsiders to evaluate the operational performance of clandestine and covert operatives. In liberal democratic countries, intelligence successes are typically not disclosed until long after operations have concluded – if ever. In contrast, failures quickly find their way into the media, skewing outside views towards negative judgments. In authoritarian states such as China, the problem of opacity is still greater due to high levels of secrecy and a widespread desire to conceal mistakes, making both successes and failures difficult to identify and assess. Consequently, outsiders’ assessments of these states’ performance and effectiveness must be treated cautiously: they can provide a helpful “sense” of current performance, but not a detailed scorecard.

Operational performance

Across the spectrum of state threats, the performance of Chinese operational actors has improved broadly – if not comprehensively – over time. They have also performed impressively in areas such as cyber espionage and effects operations, where hacks such as the OPM data theft of 2015 and the penetration of the Microsoft Exchange Server systems in 2021 led to ill-suppressed admiration as much as ire from Western officials; as General Mike Hayden, former head of the National Security Agency (NSA), the US’s cryptology, signals intelligence and cybersecurity agency, said of the OPM hack in 2015, “this is not ‘shame on China.’ This is ‘shame on us’ for not protecting that kind of information”. Moreover, expert assessments suggest that Chinese cyber performance has continued to improve in recent years. According to cyber expert Jamie Collier, interviewed for the research, Chinese APTs – if far from perfect – have “become more sophisticated and flexible” and “more adept at living off the land” within targeted systems. Discussing the multi-year penetration of nine US phone companies by Chinese state-linked APT Salt Typhoon in March 2025, Ciaran Martin, the former head of the UK’s National Cyber Security Centre, described the operation as a “strategic spying operation of breathtaking audacity”.

In contrast, human-centred operations present a much more ambiguous picture. Eftiamides has identified improvements in various aspects of Chinese HUMINT tradecraft over the past 20 years in areas such as targeting, recruiting, operational agility and, to an extent, operational security, while at the same time noting poor agency oversight and case management. Eftiamides and other Western experts have also expressed doubts about China’s capability to analyse and assess the huge amount of intelligence it is collecting; as Peter Mattis, a China intelligence expert, has commented, “if you’re searching through massive data, your results are only as good as your queries”. Another area where China continues to have mixed results is in online information operations. Research conducted by the Oxford Internet Institute suggests that China is in the top tier of state players online, and other evidence has shown China using generative AI to develop its messaging. However, the results China has so far attained have been relatively underwhelming in terms of quality of material, if not quantity of activity. A recent Chinese government-backed disinformation campaign by the Spamouflage cyber group targeting US audiences has drawn sceptical responses, with Jack Stubbs, a social media executive, describing China’s approach as being “like throwing spaghetti at the wall”. As Stubbs went on to say, however, “they are throwing a lot of spaghetti”.

Explaining China’s performance

Clandestine and covert activities are, of course, inherently problematic. Cyber expert Lennart Maschmeyer has argued that an inherent “subversive trilemma” limits and undermines such operations from the start because of the need to make trade-offs between operational speed, the intensity of effect and control. Many operations require operatives to undertake complex tasks in contested and dangerous environments, where a target’s preparations or potential responses are often unknown, bringing considerable risks to the human and technical assets involved. Extensive planning and preparation are thus necessary to achieve even the most basic operational elements, with minor problems quickly widening in scope as an operation becomes more complex.

Alongside these generic issues with secret operations, China has further specific problems, most obviously the institutional character of its intelligence agencies. The operational management of the MSS is highly fragmented at provincial level, and centralised standards of tradecraft do not appear to apply. Outside experts also see the MSS as highly risk-averse and politicised – keener to follow ineffective but safe practices than to innovate, and anxious not to present intelligence that causes political problems with senior figures. China’s relatively poor performance in human-intensive operations also probably reflects the significant cultural and linguistic barriers between Chinese operatives and their targets, especially in Western countries. China’s whole-of-society approach relies heavily, too, on civilians who lack extensive operational tradecraft training. While some might be naturally talented amateur spies, they are unlikely to be great in number.

However, these difficulties have not precluded the possibility of a strong operational performance in the cyber sphere. China has probably performed relatively well here because of its inherent technological strengths. China has had a sophisticated and growing hacking community since the 1990s, investing heavily in innovation and technical and scientific education. The Chinese state has had a significant talent base and commercial and educational infrastructure to draw upon for its cyber operations. Specific reforms of MSS and PLA cyber capabilities in 2015 and 2016 may also have helped overcome some of the more general institutional problems in those agencies, along with their exposure to external innovation in the private sector. Where the whole-of-society approach has brought challenges for human-centred operations, its application in the cyber sphere, which has focused on leveraging a select body of professional expertise rather than mass public involvement, appears to have paid greater dividends.

Impact and effectiveness

The research argues that assessing the effectiveness of state threats poses a significant challenge to policy researchers. The study of policy success – whether it has achieved its intended outcome – (most often framed as “programmatic success”) is an evolving field that has sought to apply social science and econometric evaluation methods to various aspects of public policy, primarily within the domestic sphere. However, while not absent from international relations or security studies, such methods are less easily applicable to many questions in these two fields, given the inherent complexities and ambiguities of the international environment. The research therefore assesses the impact of state threats qualitatively rather than quantitatively, judging their impact and effectiveness against the revisionist states’ broad strategic goals; it acknowledges, moreover, that such assessments are more art than science, and more likely to yield correlations rather than patterns of causation.

China’s grand strategy has many objectives, but the main ones can be distilled down to one set of defensive objectives; and two sets of offensive objectives, one regionally focused and the other globally:

1. Ensuring the survival of the CCP regime and protecting China’s territorial integrity.

2. Achieving China’s territorial goals (for example, regaining Taiwan) and hegemony within the Asia-Pacific region.

3. Overtaking the US as the globally predominant power and recasting the international system in China’s image.

In the first set of objectives, Chinese secret operations have probably had a positive effect. China’s commercial espionage campaign has almost certainly provided a significant boost to China’s economic and technological development, helping make the country more prosperous and, by extension, increasing the regime’s stability. The scale of the boost these efforts have brought to the Chinese economy is difficult to assess; however, based on the scale of the drain on Western resources, it seems likely to have been substantial. As early as 2015, General Keith Alexander, former head of US Cyber Command, described China’s commercial espionage campaign as “the single greatest transfer of wealth in history”. According to the Commission on the Theft of American Intellectual Property’s final report in 2017, IP theft costs to the US were running between US$225 billion and US$600 billion annually, with China the main perpetrator. By early 2025, Eftiamides estimated that the annual cost to the US of Chinese IP theft was nearly US$500 billion.

China’s repressive tactics against overseas dissent have also probably helped to bolster the regime. Research suggests that such repressive tactics can have a chilling effect on criticism; however, evidence about the scale and significance of such an effect appears limited, and it is essential to recognise that attempts to quash criticism and dissidence can embolden as well as repress opposition. As strategy scholar Lawrence Freedman notes about coercive activities in general, such techniques rely heavily on a model of human psychology that has yet to be consistently validated. Indeed, regarding the second set of objectives, available evidence suggests that China’s use of overt and covert intimidation against its neighbours has strengthened rather than weakened resistance to China’s aims. In January 2024, Democratic Progressive Party candidate Lai Ching-te won the Taiwanese presidential election despite extensive Chinese efforts to undermine him, while the Philippines has continued challenging Chinese attempts to redraw maritime boundaries in the South China Sea. Recent research on the attitudes of political elites in South-East Asia suggests that there is little appetite for a China-led regional order, and among the several possible reasons for this is a perceived lack of Chinese restraint, exemplified by its wolf warrior diplomacy and military sabre rattling.

Finally, on the third set of objectives, China’s hostile activities seem to have had a mixed effect. Certainly, China’s massive commercial espionage campaign has helped in its attempts to catch up with and rival the US. However, compared to other factors such as domestic investment, espionage’s role is impossible to assess, and may have also been counterproductive in other ways. The campaign’s size and ambition have repeatedly drawn the attention of Western intelligence leaders, who have devoted more resources to disrupting and working together against it. Covert influence operations are likely to have helped generate international support for China’s views, especially on critical issues such as the status of Taiwan. But the role that covert influence has played, compared with a wide array of other forms of open diplomatic, political and economic engagement, is hard to discern. However such international support has been generated, moreover, it is an open question how deep it is. The scale and ruthlessness of China’s campaign of domestic and transnational repression have drawn significant criticism from international civil society groups, and the scale of China’s espionage and influence operations has generated increasing media attention and public criticism in the past two years. Both of these are reputational problems for China, further compounded by its ongoing support for Russia’s war in Ukraine, including recent claims of Chinese nationals fighting on Russia’s side. Although many countries remain ambivalent about China, they are anxious too about the CCP’s intentions and have strongly resisted being coerced – or seduced – into supporting its objectives.

Impact, expectations and timescale

Aside from its commercial espionage campaign – admittedly a success – it seems that so far, at least, China’s state threats have had a limited and sometimes counterproductive effect. While China has built strong support in parts of the developing world for some of its objectives, it remains unclear to what extent this has been due to diplomacy and economic engagement, rather than clandestine or covert activities. However, the potential effectiveness of state threats must not be dismissed simply because results are challenging to demonstrate. As Kate Starbird, a disinformation researcher, has observed, “the difficulty of measuring impact doesn’t mean that there isn’t meaningful impact”.

This is particularly important when one considers when China expects to see results. As former Australian intelligence official Duncan Lewis has suggested, the desired outcomes, especially of disinformation and malign influence operations, might be expected in the long term. Changes in complex political, social and economic systems typically unfold slowly and gradually before becoming decisive and dramatic. Despite the resilience shown by the West thus far, it is possible that Chinese subversive activities, carried out over many years, may contribute to corroding the West’s political will to oppose it. It is possible that, as Chinese Communist leader Zhou Enlai is apocryphally reported to have said when asked about the effects of the French Revolution, “it is too soon to tell”. It could also be too soon to tell in other areas of secret activity. Chinese espionage may have helped give it a decisive military advantage over the US, other Western states and regional rivals such as India, but such an advantage might not become evident until a war breaks out. Similarly, Chinese cyber effects operations, which have refrained so far from causing large-scale disruptions, may also be intended for long-term exploitation, preparing the battlefield for a potential future war.

China’s future trajectory

The research thus argues that understanding China’s future trajectory is essential to assessing the gravity of the threat it poses. The research applies the framework of intention–capability–opportunity to the question, finding that despite the ambiguous results of China’s overt and covert hostile acts so far, Western governments have every reason to remain concerned about their potential impact in the future.

Chinese perspectives and intentions

The fundamental clash of worldviews and perceived interests shaping the current tensions between China and the West seems unlikely to be resolved soon. President Xi has said that he sees the balance of economic, political and military forces moving in China’s favour and that he expects “great changes unseen in a century”. He has told President Putin, moreover, that “time and momentum are on our side”. In such a context, Xi probably sees no reason to change course, suggesting that he intends to continue pushing for Chinese sovereignty over Taiwan, the revision of maritime boundaries in the Pacific, China’s regional hegemony in the Asia-Pacific region and Western acceptance of China’s global role. As Tsang and Cheung argue, while Xi does not wish China to replace the US as a “global policeman”, he is eager for the rest of the world to comply with China’s demands.

Unless Western states change their minds about supporting a rules-based international order, they will remain obstacles to Chinese ambitions. Tensions will persist, and China will continue to engage in hostile acts as part of its grand strategy. The key questions will be how intense or wide-ranging those hostile acts might become. Concerningly, there are already some indications of growing intensity; China has become more aggressive in the cyber effects and information spheres since the Covid-19 pandemic. However, it remains unclear whether recent cases amount to a permanent change in Chinese behaviour. Indeed, such signals of intent must be balanced against continuities of Chinese behaviour that do not suggest any dramatic escalation to come. China remains much more constrained in its behaviour than Russia: it has not used assassinations or widespread physical sabotage; it has not attempted to disrupt Western systems through cyber effects operations; and it has not sought to interfere in Western electoral processes at a level comparable to Russia’s 2016 US presidential operation. As noted previously, China prefers stability over chaos, and to have friends rather than enemies, especially if it is to become the world’s pre-eminent power; as the former UK ambassador to North Korea, Alastair Morgan, put it in an interview for this research, “if it can help it, China prefers not to smash up a system it would like to inherit”.

• Wild cards

However, contextual factors affecting China’s intentions might change given the febrile nature of world politics. President Trump’s return in January 2025 upended many long-held assumptions about US intentions, the strength of the Western alliance and the conduct of international diplomacy. It is quite conceivable that Trump could escalate his current tariff war against China, or alternatively seek a so-called “grand bargain” with his Xi, abandoning long-term US allies such as Taiwan to their fate. Indeed, Trump has shown himself attracted to the sort of thinking in terms of great powers and spheres of influence that already animates the minds of Xi and Putin. With a man as mercurial as Trump, the next move is hard to predict.

How might China respond to these different US approaches? In the first scenario of growing US hostility, China will probably respond in kind, as happened with Beijing’s retaliatory response to Trump’s “Liberation Day” tariffs. Nonetheless, short of a crisis over a key interest such as Taiwan, China seems likely to remain restrained, even in escalation. Depending on how erstwhile US allies respond to Trump’s policies, moreover, China might start to take a more segmented approach to state threats, targeting the US and those that continue to align with it, while easing pressure on those that do not. China has long sought to prise Europe and the Five Eyes nations away from their alliance with the US, and Trump’s second term might provide them with an opportunity to do so.

If a “grand bargain” were to be achieved – which is, admittedly, a remote prospect – China may temper its clandestine and covert activities if it helps it achieve larger goals. As Parton reflected in an interview for the research, China’s approach is Bismarckian, emulating the nineteenth-century Prussian and German chancellor who pursued the long-term aim of German unity through flexible means. However, it is doubtful whether improved US-China relations would mean a severe scaling back of Chinese secret activities against the US and its allies, as no grand bargain with the US is likely to meet all of China’s demands. Indeed, whether such an agreement would be possible at all is doubtful. Despite warm words about Xi, Trump has been hostile to China’s economic rise at least since his first term, and his administration features several prominent “China hawks” such as Secretary of State Marco Rubio. Even if an agreement could be reached, moreover, its longevity would be in question, because of both Trump’s unpredictability and the flexibility with which the Chinese treat international agreements. As President Obama found in September 2015, an agreement with Xi to cease and desist from cyber-based commercial espionage, much vaunted at the time, only had a temporary effect on Chinese cyber activities.

A further potential wild card would be Xi’s departure. If he were to leave power, there would be hope in Western capitals of a softening of the Chinese position. However, any successor to Xi that might emerge in the short-to-medium term would come from the ranks of a CCP that Xi has actively shaped in his own image. If Xi were to depart, leadership candidates wishing to take a less assertive international posture would not be in a strong position to succeed him. Even if they were, underlying geopolitical dynamics, combined with China’s rising expectations of global leadership, suggest that the structural factors which shape and enable the current level of tension between China and the West would remain broadly the same.

Chinese capabilities

China is by far the strongest economically, politically and militarily among the four main revisionist states, and will almost certainly remain so. However, it faces several domestic challenges, such as an ageing population, a stagnant property market and receding foreign direct investment. Corruption and favouritism are also enduring problems, despite Xi’s anti-corruption drive, and there is evidence that the Chinese bureaucracy has become less efficient and more risk-averse under his leadership.

These broader problems have their parallels in the clandestine and covert spheres. Although China boasts one of the largest security and intelligence apparatuses in the world, estimated to number around 600,000 people, its HUMINT capabilities are of variable quality. As Eftiamides has argued, the operational performance of the core intelligence agencies has improved somewhat in the past 20 years, but in his most recent assessment in 2025, he found deep-seated structural issues that would be likely to limit room for further improvement. China’s whole-of-society approach adds volume and depth to the state’s operations. As Parton remarked in an interview, through its vast population and diaspora, China can call upon “a huge informal ecosystem through which the CCP can attain its goals”. However, these informal networks are not made up of uniformly dragooned state or party operatives, and individuals’ willingness to cooperate with the CCP and the intelligence agencies cannot be taken for granted; “elements of the Chinese diaspora are subject to pressure, but they are not innately disloyal to their home countries”, Parton observed.

The whole-of-society approach brings other problems too. While the quantity of intelligence collected might translate into some form of quality, the ratio between good and useless material is likely to be abysmal, with a success rate like that of prospecting for gold in a muddy river. If enough individuals are sent out prospecting for long enough, they might find gold. However, it will depend on whether they are in a suitable location, recognise gold when they see it and have the expertise to transport it safely back to those who might know how to use it – for example, the MSS. There will also be the matter of whether those end users have the tools to process all the collected nuggets and combine them successfully, and in this, Eftiamides and other experts have their doubts.

By contrast, China’s prospects are excellent in the cyber sphere, which is crucial to China’s espionage and effects operations. The country will likely maintain its current position and probably continue improving in this area, bolstered by its established capabilities, extensive private technology sector and supply of technologically educated young people. China is also extremely well-positioned to take advantage of various technological advances with potential implications for clandestine and covert operations. In the field of quantum computing, which has the potential to crack current encryption methods by using sub-atomic quantum bits (or qubits) to increase computing speed, China is a major rival to the US. In the past few years, China has also made dazzling progress in generative AI (which uses deep learning models to create new textual, visual and sound content) and agentic AI (which uses autonomous agents to complete complex multi-stage tasks without human guidance), both of which have potential value for cyber hacking and online information operations. In 2024, technology firm Microsoft reported that China, Russia, Iran and North Korea, had been experimenting with AI to support their cyber espionage and effects operations. Another technology firm, OpenAI, further reported that China, Russia and Iran had used generative AI in disinformation operations, crafting fake comments and articles in various languages, and generating names and bios for social media accounts. In April 2025, Taiwanese officials claimed that China was using generative AI in its information operations against the island with increasing volume and sophistication.

As the research notes, however, caution is needed when assessing the likely impact of new technologies. Despite advances in recent years, even the promoters of quantum computing admit that the powerful platforms they envision have not yet been fully realised and might not be before the late 2030s. By then, “quantum-safe” or “post-quantum” cryptography might also be effective. Regarding AI, moreover, leading generative models still produce strange “hallucinatory” content, undermining the technology’s overall credibility; as several critics have argued, “cheapfakes” made with easily accessible software have been more impactful than “deepfakes” made with generative AI. Thus far, AI has improved quantitative performance measures (for example, volume, velocity, speed) more than quality measures. AI is not solely a weapon for bad actors, either; as cyber researcher Max Smeets points out, AI can also improve cyber defences, detecting and patching vulnerabilities autonomously, while monitoring and responding to hostile actions.

• Untapped resources

China makes only limited use of non-state groups such as PMCs or illicit actors such as OCGs. It seems to entirely eschew other illicit actors – foreign terrorists, insurgents and political extremists. Neither approach seems likely to change soon, for several reasons. Firstly, China already has considerable state and licit non-state resources available, and little need for illicit non-state actors to support its operations. Secondly, while the CCP makes selective use of OCGs on occasion, it has no great liking for the disorder that they and other potentially violent actors can bring, especially within China. Indeed, a key part of Xi’s overall project is stamping out corruption and criminal activity, especially within the party. He is unlikely, therefore, to provide OCGs with too permissive an environment in which to operate. Thirdly, China is mindful of its reputation within the international community, which it will not wish to besmirch with too obvious associations with illicit non-state actors. In short, it seems morally squeamish about who it works with in a way that others such as Russia, Iran or North Korea seem much less concerned by.

However, China’s current approach does not need to stay the same forever, and its current restraint means that it also has a range of untapped non-state capabilities that might be deployed in the future. Chinese OCGs with links to diaspora communities could be a particularly potent resource for Chinese espionage, the tackling of overseas dissent or physical sabotage. What could lead the CCP to change its approach? The likely answer is a significant exigency that tests China’s current capabilities or necessitates more extreme actions in overseas jurisdictions; almost certainly, this would be a crisis over Taiwan or a conflict with another neighbour, such as the Philippines. In such situations, China might respond to Western intervention against it with methods reminiscent of those employed by Russia against supporters of Ukraine and greater willingness to collaborate with illicit non-state actors. However, outside of such circumstances, it seems unlikely that China would do so.

Chinese access and opportunities

China’s secret operations encounter several challenges when accessing Western societies, including significant cultural and linguistic differences, and growing Western governmental and media caution regarding Chinese espionage and malign influence. Western governments have also devoted greater attention and resources to resilience issues, including targeted action to reduce China’s role in critical communications technologies, especially 5G networks. While no Western country wishes to disengage or decouple from a relationship with China, a strategic “de-risking” process is underway across many countries in Europe and the Anglophone world. Several Western countries have also bolstered the significant advantages they already enjoy in the cyber sphere. Gavin Wilde, a cybersecurity and information expert, noted in an interview for the research that the US remains “the biggest kid on the cyber block” (in the words of former US director of national intelligence James Clapper). He also noted that major Western states such as the UK and France, while not in the same league as the US, “have advanced cyber security capabilities which are going to give any attacker pause”.

However, despite these defences, China still enjoys significant access to Western countries. Unimpeded by major diplomatic expulsions such as those of Russian officials, China’s intelligence agencies can continue operating under official cover in Western states. Chinese businesspeople, workers, academics and students continue to travel freely overseas, enlarging the size of the already massive global Chinese diaspora. China’s involvement in communications and logistical infrastructure across the Asia-Pacific region, Africa, the Middle East, Latin America and Europe has continued too. The world remains open to China. Unless a major crisis compels some countries to reassess their relationship with Beijing, there are few apparent reasons why this situation should change anytime soon. Although many Western countries in Europe and the Asia-Pacific region wish to support Taiwan and human rights, they also want to retain valuable economic ties with China. Western businesses wish to maintain access to Chinese markets and Western consumers want to buy comparatively cheap Chinese goods: the appetite to change that situation by making their relationship with China primarily about national security interests is limited, especially among European leaders. This imperative is likely to be even stronger for many states due to the vicissitudes and uncertainties of the Trump administration’s economic policies.

Possible operational developments

On balance, China’s state threats campaign will likely continue to look much the same. Espionage will continue at a massive scale. While remaining discernibly the same though, the scope and intensity of some of China’s operations will gradually increase, especially in terms of cyber effects and online influence operations. China will likely enhance its current performance levels in both these areas of activity by leveraging its increasing access to global communications infrastructure and applying evolving technologies such as generative AI.

China’s relentless efforts to track down and repress Chinese dissidents will also continue and probably expand in scope. China has become increasingly paranoid about potential Western penetration in recent years. As Economy observes, “virtually any issue can now be labelled a threat to Chinese sovereignty or social stability”. This suggests that Western individuals and organisations within China, or even its perceived regional sphere of influence, will be seen as potential threats. China’s growing integration into global digital systems will also potentially allow it to extend its domestic surveillance state beyond its borders to monitor dissent in other states, and not necessarily just dissent emanating from Chinese-heritage individuals. Allen notes that China’s interpretation of “internet sovereignty” has stretched well beyond its borders in recent years, making it the self-appointed arbiter of China-related online discussion, regardless of location. As Parton commented in an interview for the research, China “does not aspire to be the world’s policeman. But being the world’s secret policeman … well, that is another matter”.

A further dimension of this repressive campaign with wider effects is China’s export of the tools of digital authoritarianism to other states in the Global South. According to China expert Andrew Nathan, China has shown “no missionary impulse to promote authoritarianism”. Nevertheless, it has demonstrated a passion for becoming one of the world’s leading exporters of surveillance technology. So far, this technology transfer has primarily helped already repressive governments monitor and control their domestic populations. Still, it may eventually encourage them to ape the Chinese by applying such techniques beyond their borders, adding a further driver to the proliferation of hostile acts as tools of statecraft.

Unless a major crisis occurs over a key Chinese national interest, China will likely maintain its current state threats campaign, with some examples of “mission creep”, while striving to improve its performance using new tools and methods. However, if such a crisis arose, and Western states opposed China’s objectives, China would probably escalate its existing hostile actions against them. Sabotage against communications and energy infrastructures beyond the Asia-Pacific region, are possible; in November 2024, German Defence Minister Boris Pistorius alleged that a Chinese vessel was a plausible suspect behind damage to two undersea cables in the Baltic Sea. Moreover, there would be an elevated likelihood that China could start “pulling the trigger” in its cyber effects operations, aiming to create disruptions that could undermine Western states’ ability to respond to the crisis.

China would almost certainly use overt economic and financial coercion tools, including tariffs, sanctions, embargoes and denial of access to ports, to pressure Western economies that are heavily reliant on Chinese goods, services and markets to sustain their prosperity. China might also seek to stimulate chaos in Western financial markets by offloading Western sovereign debt or private equities, in which it has heavy investments. Former US Treasury secretary Hank Paulson has described how, during the global financial crisis, Chinese officials informed him that Russia had suggested dumping US mortgage debt to destabilise the US economy, an idea the Chinese said they had rejected. Such a comment was unlikely to have been made just in passing. While such methods would risk “mutually assured economic destruction” for China as much as Western economies, they would be an obvious way for China to leverage its natural advantage in a situation where its core interests were perceived to be at risk.

Implications

The research this briefing is based on does not aim to describe or assess how Western governments are addressing the challenges state threats pose, in general, or their Chinese dimension, in particular. Nor does the research offer policy recommendations on how governments might proceed. However, the findings still have potential implications for Western policymakers as they shape policies to tackle the Chinese state threats challenge.

Observation 1: China’s state threats challenge is significant and growing, but could be larger than it currently is

In recent years, Western intelligence officials have repeatedly underscored the dramatic scale of China’s clandestine and covert activities, particularly its vast espionage campaign, suggesting a threat of existential proportions. Considering China’s size and capabilities, it is undeniably the greatest revisionist state in potential scale, dwarfing Iran and North Korea and leaving even Russia – with an economy roughly one-tenth the size of China’s – trailing behind. China’s conduct – its overt bullying and use of economic coercion, its breaches of international norms surrounding commercial and societal espionage, its flagrant abuse of other countries’ jurisdictional rights in pursuit of dissent or supposed corruption, and its attempts to pursue elite capture on a global scale – suggest a country determined to remake the world order. China’s recently intensified campaign against Taiwan and its shift towards “preparation of the battlefield” in cyber attacks against the West further suggest a country that will not shy away from using disruptive means if it deems them necessary.

However, Western observers need to maintain some perspective. Anything China does will likely seem threatening to countries with only a fraction of China’s population and resources. This does not necessarily mean that the scale of the covert threat posed could not be worse than it currently is. Indeed, it is worth considering how much China’s grand strategy has applied overt and legitimate means of political and economic statecraft to achieve its goals compared to clandestine and covert methods. Arguably, China’s current efforts such as the Belt and Road Initiative are at least as necessary in winning friends and compliance with China’s aims – and probably more so – than China’s secret activities.

Furthermore, while acknowledging that China has targeted Taiwan intensely and has applied maximum effort in its commercial espionage campaign against the West, it is notable how restrained China has been in many other areas of state threats where it could potentially have been much more active. Although it is impossible to put figures on such matters, the overall pattern of qualitative reporting suggests that China has focused more on clandestine acts than covert ones (in other words, espionage rather than intimidation, sabotage or subversion); and that where China has used covert actions, it has concentrated more on the use of malign influence than physical disruptions or attacks.

This relative restraint is even more apparent if China’s conduct is compared with that of other revisionist states such as Russia, Iran and North Korea. China has thus far rejected the use of assassination and terrorism, and has limited its use of physical sabotage against Western nations. It has not employed cyber operations to cause large-scale disruption. Despite the claims of some US politicians about China’s role in the opiate precursor trade, Beijing does not appear to have actively weaponised crime against the West. Its information operations have been comparatively less aimed at nurturing social divisions than those of Russia. China has also been extremely cautious in its relationships with illicit non-state actors, such as criminals, terrorists, insurgents and political extremists. While much of China’s conduct is anathema to the West, it is much less brazen or dangerous than that of Russia, Iran or North Korea. Paradoxically, China’s state threats are simultaneously the most significant challenge the West faces in terms of current and potential scale, while at the same time being the most nuanced.

Observation 2: China’s state threats present Western countries with a distinct problem

The analysis suggests that addressing the Chinese dimension of state threats will be one of the most challenging aspects of the overall problem facing Western policymakers. On the one hand, China’s state threats campaign is already a significant problem for the West and demands a response; on the other, it is a problem that is currently nowhere near as bad as it might be. There are numerous ways in which China might use covert means to cause problems for Western countries; China’s cyber effects operations could swiftly be turned to disruption, and Triad networks overseas used to undertake more violent acts against dissidents, foreign critics of China or physical infrastructure. The Chinese diaspora also provides a vast latent pool of human resources that might be encouraged or coerced into taking aggressive actions rather than just collecting information and influencing foreign decision makers.

Some might argue, of course, that China’s restrained behaviour so far indicates it is unlikely to use such means in the future, even if relations with the West were to worsen. As noted above, China is largely cautious in its approach and desires to inherit a relatively intact international system from the US. It does not wish to lose goodwill or reputation and does not appear to share Russia’s passion for gaining notoriety through reckless behaviour. China has no desire to swing an international wrecking ball. However, it would be brave for Western policymakers to assume that China might not use harsher covert measures if it deemed them necessary. Much as direct Western military support for Ukraine appears to have led to intensifying Russian active measures in Europe, it is reasonable to assume that Western actions that China assessed to affect its core national interests – say, over Taiwan – might lead to similar measures.

Moreover, a tougher Western response to China’s clandestine and covert activities might also stimulate cross-domain escalation by China in other areas of great consequence to the West, especially trade and the financial system. Many Western economies have become dependent on Chinese-manufactured goods, and are almost entirely reliant on China for rare earth elements used in many advanced technologies. China is a major economic and financial investor in the West; it is, for example, second only to Japan as a holder of US sovereign debt. China also provides a major market for Western machinery, technology, certain luxury goods and professional and financial services, although its overall dependency on the West appears to be in long-term decline. It thus has the power to have a major disruptive effect on the international financial system and Western economies if it decides to use any of the loaded guns available to it sitting openly on the table. China might see such moves as too dangerous: the potential fear of mutually assured economic destruction might act as a restraint. Nevertheless, Beijing has already shown its willingness to use economic measures for political purposes, putting trade restrictions on Australia in 2020 over demands for transparency about the origins of Covid-19 (recently lifted), and placing an effective embargo on Lithuania after the Baltic state allowed Taiwan to open a representative office in Vilnius in 2021. While neither of these economic moves by China proved a major long-term economic problem for Australia or Lithuania, more aggressive and general measures by China might have a more dramatic impact on Western economies, as demonstrated by disruptions in supply chains from China during the pandemic. Western policymakers thus face a very delicate balance between reacting strongly enough to contain or, better yet, deter current Chinese actions, while also not provoking China into escalating those actions either in the covert realm or by weaponising its economic position of strength in retaliation.

Due to the distinctive qualities of the Chinese state threats challenge, Western governments must respond to it in ways that mitigate the current threat without triggering escalation. This balance is much more important to achieve than with Iran or North Korea, both of which are relatively economically weak; or with Russia, which, although large and resource rich, has significant economic vulnerabilities and is now largely de-coupled from Western economies due to sanctions. China matters to the health of the global economy and international system (and hence the West) in a way that none of the other revisionist powers do. It requires a dedicated and tailored response.

Observation 3: Tackling China’s state threats requires a bespoke and multi-stranded approach

To this point, the primary Western approach to state threats has been largely state agnostic and focused on resilience measures. Several Western nations, including the US and the UK, have also taken some disruptive and punitive measures against Chinese acts of espionage, malign influence and cyber effects operations. However, the research suggests that while such measures are welcome and helpful, they are probably inadequate to meet the specific challenges of China’s state threats campaign.

Full-spectrum resilience

Resilience efforts are vital to mitigating the effects of China’s espionage campaign, cyber effects operations and malign influence efforts. The record of the past two decades suggests that Western secrets have been too easy to steal, cyber infrastructures too easy to penetrate and political elites too easy to persuade. Western states have begun to address these issues in various ways, with efforts to improve espionage awareness in businesses and academia, upgrade public and private sector cyber security, protect critical national infrastructure and key economic sectors, and identify and disrupt efforts at malign influence. Nonetheless, such policies have been far from universal across the West, and often piecemeal and unintegrated when implemented. Such efforts have also concentrated more on target-hardening of concrete processes, networks and assets, which are comparatively easy to map and measure, rather than the more intangible aspects of democratic and societal resilience. This can leave efforts to build and measure human resilience against repression and malign influence in business, education, civil society and political systems – all areas of special pertinence to the nature of the Chinese state threats campaign – as the “poor relations” in Western resilience efforts.

This suggests a more thorough approach is required to mitigate the impact of Chinese hostile activity on Western societies. An important starting point would be a better understanding of the scale and depth of Chinese involvement in Western infrastructure, economies, finance and political systems. The summary report published by the Canadian Foreign Interference Commission in January 2025 is an example of a general political stocktake that contains considerable detail about covert Chinese activities in the country. Such exercises, which could cover a broader range of vulnerabilities, would not be maps of Chinese state threats per se, but would provide a baseline of current vulnerabilities where resilience resources and efforts at mitigation might be most helpful. Without pre-judging the outcomes of any stocktakes, available evidence suggests that Western countries will probably need to pay particular attention to areas such as cybersecurity in their private sectors, and Chinese state-linked involvement in higher education, research and business. Despite various government awareness-raising campaigns, these sectors still seem relatively accessible to malicious Chinese activity. More effort is required, too, to work with Chinese diaspora communities to ensure their resilience in the face of potential Chinese coercion. A further necessary aspect of resilience efforts will be to scan the horizon for future vulnerabilities that emerge due to advances in quantum computing and AI, fields in which China excels.

However, resilience alone is unlikely to deter China from continuing its campaign. Given the relatively small investment needed to undertake hostile acts, the limited costs incurred and the potential for an eventual pay-off, current Western resilience measures are unlikely to cause China to desist out of frustration. Even more extreme measures, such as a comprehensive economic decoupling from China (as opposed to de-risking in areas deemed especially sensitive to economic security), are unlikely to make Beijing stop, and may well lead instead to redoubled efforts in areas such as cyber espionage. Moreover, while more stringent measures might reduce Chinese access to Western societies, they would probably come with significant costs for the West regarding lost commerce and infringements of citizens’ personal rights. If Western countries decide that their primary response to Chinese hostile activity is to remain a resilience-based approach, the West must be prepared for a long haul. The possibility of the success of such an approach will depend on waiting out the CCP, hoping for a change in policy under new leadership or, more improbably, a new regime. Such an approach would be as much a test of Western robustness as of Chinese resolve.

Targeted measures

If resilience is deemed insufficient, then Western governments must put greater weight on other policy responses. The research does not outline what these responses should be, but they would likely fall into four categories. A starting point would be measures aimed at deterrence, setting out promised responses following a hostile action or actions. The next step would be disruptive action – seeking to stop attacks before they are executed, followed by punitive or retaliatory action against attacks that take place, and finally, offensive action – attacking opponents without a direct link to a prior attack. Such measures might affect Beijing’s “return on investment” calculations by mitigating the effects of hostile state behaviour and imposing costs that may change decisions.

To an extent, Western countries already use deterrence, disruptive and punitive measures. In cyberspace, the current trend in various civilian and military cyber commands is for “persistent engagement” with attackers – a phrase used by cyber scholar Michael Fischerkeller and associates to refer to a style of ongoing defensive engagement with hostile APTs that is inherently disruptive to their offensive activities. The US, UK and other Western states have also used expulsions of suspected Chinese intelligence operatives, “naming and shaming”, and financial sanctions against Chinese state-linked hackers. However, such actions are relatively restrained, and Western states appear to have largely rejected tit-for-tat retaliatory attacks or offensive operations so far.

There is an obvious question of whether some of these measures might be used more in the West’s response to Chinese state threats; a space exists between pure resilience and pure offence that behoves Western states to explore – at the very least – the potential for more energetic or imaginative responses. For example, the expulsions of suspected Chinese intelligence operatives from Western countries appear to have been comparatively limited compared to those linked to Russia. If undertaken on a larger – if not equivalent – scale, they might have proportionately greater operational effects on Chinese capabilities deployed in the West. Western governments could also increase disruptive and retaliatory cyber effects activities or consider new legal remedies to tackle Chinese malign influence, perhaps by creating lists of proscribed influence organisations that could include UFWD-linked groups. Western governments could also look to cross-domain responses, explicitly linking targeted trade measures, student visa quotas or other areas not usually connected to national security policy. Other options could also include greater use of secondary sanctions against Chinese individuals, organisations and businesses involved in facilitating illegal activities by other revisionist states such as Russia or Iran.

However, if Western states choose to be more assertive towards China, they must calibrate their willingness to take risks. The most significant concern would be that a change in posture triggered a reciprocal or even escalatory Chinese reaction. Notably, China responded to long-standing US naming and shaming efforts in April 2025 by doing the same to three alleged NSA operatives. All new approaches must therefore be properly risk-assessed and thoroughly war-gamed for potential Chinese responses and effects on Chinese decision-making. A more assertive posture towards China cannot be undertaken “on the fly”. Legality and principles of ethics, necessity and proportionality should also remain essential to the character of Western responses to mitigate any corrosion of standards of conduct within Western intelligence agencies, or undermining public trust or the country’s international reputation. However, if Western governments fail to show greater agility, flexibility and creativity in responding to China, they abdicate the opportunity to shape the environment. They will also risk looking to China like easy targets.

Engagement

Perhaps counterintuitively, Western governments should also consider intensifying diplomatic engagement as a third strand of a bespoke approach towards China. In September 2015, the Obama administration reached an agreement with China to limit commercial cyber espionage, which resulted in a brief pause in Chinese hostile activities in that area. The US, China and other states have also engaged in ongoing discussions through international forums regarding setting standards of state behaviour in cyberspace, with some progress but no conclusive agreements, partly due to disagreement over acceptable state control over domestic cyberspace. Considering the potential damage a more aggressive China might have on the West, or the adverse effect such a China might have on overall standards of statecraft, the present moment might be an opportune time for Western governments to seek to restart such discussions on agreed standards in espionage and cyber effects. Discussions might extend to other issues, such as handling transnational dissent cases or overseas political interference. Discussions would not necessarily have to be bilateral, with multilateral or “minilateral” forums also offering opportunities to raise these issues.

Of course, China hawks will point reasonably to China’s failure to keep to the 2015 agreement as an indicator of the low chances of success engagement might bring, especially when Xi sees the course of history moving in China’s direction. Even if agreements could be reached, there would be serious doubts about whether China would keep to them. However, failure is not inevitable, and Western governments must remember that China remains fundamentally conservative in many ways. Like Western states, it would like to see an orderly world. It also has a profound national interest in preventing a major conflict that could wreck its hard-won economic progress. On these grounds alone, therefore, there are reasons to talk in a spirit of hope, if not expectation.

Observation 4: Whole-of-government, whole-of-society and whole-of-West approaches are imperative

Considering the nature of the Chinese state threats campaign, both the STT and the research for Old Wine, New Bottles? The Challenge of State Threats have implied that a response to China (or any other primary source of state threats, for that matter) requires a comprehensive approach that does not rely on any one part of society to meet the challenge

Whole-of-government approach

This effort needs to begin at government level. According to the STT, Western governments must start by developing a credible picture of the evolving threat landscape based on good intelligence. A coherent, shared strategy must then follow, implemented and driven by effective leadership and coordination mechanisms across departments and agencies. Such mechanisms are fundamental at operational level, where various separate agencies can look at the same problem from different perspectives, often in isolation. The STT also notes how crucial country-focused expertise is in shaping credible intelligence assessments of the threat and implementing a strategy in response. Having experienced and expert officials to hand is invaluable, and a major challenge for many Western bureaucracies is the relatively limited supply of diplomats and other officials with direct experience in China, or a steady supply of graduate recruits with appropriate Chinese language skills. There is considerable danger that Western governments will make costly blunders and misjudgements without appropriate expertise being available.

Whole-of-society approach

These issues must be addressed partly through medium-to-long-term efforts to retain existing expertise and ensure access to those who have left government service, along with initiatives to generate a wider pool of incomers with Chinese language skills. However, as the STT suggests, governments can also seek more immediate assistance from the private sector and civil society to enhance their expertise and knowledge, somewhat mirroring – if not copying – China’s own whole-of-society approach. Elements of Western business, such as the financial services and technology sectors, have had considerable and lengthy direct exposure to China, creating a body of knowledge and experience that governments might tap into. Rather than mandating cooperation as authoritarian states do, liberal democracies might turn more profitably to a cooperative public–private partnership model that has already been used successfully in cybersecurity and financial crime. These partnerships need not only be used to share intelligence and knowledge, but could form the nucleus for any future operational coordination between different sectors.

It is important to stress, though, that liberal democracies – if they wish to remain open societies – should avoid emulating authoritarians’ mobilisation of entire societies as instruments of the state. The liberal democratic partnership model is based on voluntary cooperation and persuasion. Consequently, Western governments will need to think carefully about how to incentivise cooperation. However, the most obvious starting point would be for governments to share a clear threat picture and strategy with private partners, civil society and the wider public. They are not likely to act unless they understand how serious the problem is or might become.

Whole-of-West approach

Ultimately, the research indicates that a single state in isolation cannot tackle state threats. Partnerships thus also need to be international. China has sought to divide the US from its allies in Europe and the Asia-Pacific region, and the West must therefore provide a united front as far as possible in response. Considering the scale of the Chinese threat, actual and theoretical, the West must also decide how the burdens of tackling China’s challenges can be managed fairly across Western countries. Achieving a fair form of burden-sharing will be difficult, however, because no Western multilateral framework currently exists for looking at the multiple challenges the West faces: NATO, for example, focuses on European security issues. Therefore, other channels might be needed, perhaps developed through organisation-to-organisation discussions between NATO and groups such as the Quadrilateral Security Dialogue of the US, Australia, India and Japan, or minilateral groupings of liberal democratic states across the relevant regions.

However, even if successfully convened, such discussions would prompt the further question of prioritisation: which revisionist state is most worrying and, therefore, most deserving of the main response effort? Should a much larger and more theoretically dangerous China take precedence over a weaker, but more reckless Russia, which is already causing trouble? The research does not answer that question but does suggest that several pragmatic criteria might be applied to resolve it. Governments might consider the immediacy and proximity of the threat each state poses, as well as the potential damage it could cause. It makes practical sense to tackle “the biggest shark closest to the boat” first; otherwise, no boat may be left for later. Considering the current pattern of state threats outlined in the research, Russia is probably the central revisionist state of immediate concern. However, the US and the liberal democratic states of the Asia-Pacific region would probably disagree with that view. They could rightly point out that China poses a threat in many areas relevant to European interests, such as the integrity of communications infrastructure in the Pacific. Chinese attacks on such targets would have consequences from which Europe could not insulate itself.

Such a reality suggests, therefore, that while neither threat can be ignored, some level of compromise is needed, again pointing towards proportionate burden-sharing between Western countries in different regions. This could be combined with a “minimum core approach” to Russia and China shared across regions with differing immediate concerns. Sceptics might question the extent to which a cross-regional Western partnership is possible among governments with apparently divergent views on national security priorities. However, despite the froth of public rhetoric, recent official announcements on increasing defence spending suggest that most European governments are aware of the need to shoulder more of the burden, much as members of the Trump administration, such as Under Secretary for Defense Elbridge Colby, have demanded for some time. While such a potential shift in approach might yet be derailed by President Trump’s tariff hikes or his mercurial stance on Russia and Ukraine, Western countries still have many interests in common and, in theory at least, a coordinated partnership should be possible.

Matthew Redhead is the Senior Associate Fellow at the Royal United Services Institute (RUSI). He was a UK government employee and senior financial crime professional.