Global agencies warn of Chinese cyber espionage through network hacking
An international coalition of cybersecurity agencies has warned that Chinese state-sponsored hackers are breaking into telecom, government, and infrastructure networks worldwide to feed a global espionage system. The attackers exploit known weaknesses in routers and firewalls to secretly capture communications, track movements, and maintain long-term hidden access
A new international report has warned that state-sponsored hackers linked to China have been secretly breaking into computer networks around the world to steal sensitive information. The joint advisory, released in September 2025, comes from cybersecurity and intelligence agencies across the United States, Europe, and Asia, including the U.S. National Security Agency (NSA), the FBI, Britain’s National Cyber Security Centre, and their partners in more than a dozen other countries.
How the hackers operate
The hackers, described as ‘advanced persistent threat actors,’ target the backbone of the internet – routers and other equipment used by telecommunications companies, governments, transport networks, hotels, and even military systems. By breaking into these devices, they gain long-term, hidden access to networks and the data that flows through them.
Instead of relying on undiscovered ‘zero-day’ flaws, the attackers use well-known software weaknesses that organisations have not yet fixed. For example, they have exploited vulnerabilities in Cisco, Ivanti, and Palo Alto firewalls and routers. Once inside, they often change device settings to stay hidden, open unusual digital ‘back doors’ on non-standard internet ports, and install secret programs that allow them to spy without being noticed.
What information is stolen
The stolen data goes far beyond technical details. By tapping into telecommunications providers and internet service companies, the hackers can intercept communications, track people’s movements, and even capture login details used by system administrators. This allows them not only to monitor targets directly but also to expand their reach deeper into other networks. Agencies say the information ultimately feeds into China’s intelligence services, including the People’s Liberation Army and the Ministry of State Security.
Global response and recommendations
The report highlights that these activities have been ongoing since at least 2021 and have been observed in the United States, Australia, Canada, New Zealand, the UK, Japan, Germany, and many other countries. Because the same tactics can be used anywhere, the advisory urges all organisations – especially those running critical infrastructure – to strengthen defences.
Recommended steps include keeping devices up to date with security patches, using stronger encryption and authentication for network management, disabling unused services, and carefully monitoring logs for unusual activity. In particular, telecom companies and internet providers are asked to hunt for signs of hidden tunnels, altered configurations, and suspicious data transfers that could indicate espionage.
