Antivirus Insider

You are here: Home / Cybersecurity / Chinese Cyber Attack Statistics 2026: Essential Data for Security Teams

Chinese Cyber Attack Statistics 2026: Essential Data for Security Teams

by Leave a Comment

Chinese Cyber Attack Statistics

Chinese cyber operations have become a central concern for governments, critical infrastructure operators, and private enterprises worldwide. Over the past two years, security agencies have reported a rise in state-linked campaigns targeting telecommunications networks, government systems, utilities, defense contractors, and technology providers. These attacks affect everything from national security planning and supply chain resilience to business continuity and intellectual property protection.

Real-world examples include the infiltration of major telecommunications providers and long-term access attempts against critical infrastructure networks. As organizations strengthen cyber defenses, understanding the latest Chinese cyber attack statistics helps decision-makers assess risk, prioritize investments, and improve resilience. Explore the data below for a detailed look at the scale, targets, and evolution of these operations.

Editor’s Choice

  • The FBI reported that the Chinese-linked Salt Typhoon campaign compromised telecommunications infrastructure in more than 80 countries.
  • Security agencies disclosed that Salt Typhoon hackers gained access to over one million call records during their espionage activities.
  • Chinese cyber intrusion attempts tracked by one major cybersecurity firm increased by more than 330% in 2023, with elevated activity continuing through 2025.
  • The FBI stated that approximately 600 organizations were notified after investigators uncovered exposure related to the Salt Typhoon operation.
  • Salt Typhoon has been linked to intrusions affecting over 200 organizations globally, according to intelligence disclosures published in 2025.
  • Intelligence agencies identified the Raptor Train botnet, associated with Chinese threat actors, as comprising more than 200,000 compromised devices.
  • Multiple investigations found that Chinese state-linked groups targeted sectors including telecommunications, transportation, government, lodging, and military infrastructure throughout 2024 and 2025.

Recent Developments

  • In 2025, the FBI stated that Salt Typhoon activity had expanded well beyond earlier estimates and affected telecommunications providers across 80+ countries.
  • The U.S. Treasury sanctioned a company allegedly connected to Salt Typhoon operations in January 2025.
  • Canadian authorities disclosed that Chinese actors compromised telecommunications equipment in February 2025 through the exploitation of a known Cisco vulnerability.
  • Australian intelligence officials warned in late 2025 that Chinese-linked groups had attempted to access telecommunications and critical infrastructure networks.
  • U.S. officials reported that a ninth telecommunications provider was added to the list of organizations compromised by Salt Typhoon in 2024–2025 investigations.
  • A DHS assessment released in 2025 linked Chinese cyber actors to the compromise of a U.S. Army National Guard network that reportedly persisted for months.
  • Satellite communications provider Viasat disclosed a breach associated with the Salt Typhoon espionage campaign in 2025.
  • Joint advisories issued by allied governments in 2025 identified overlapping activity involving Salt Typhoon, GhostEmperor, RedMike, and UNC5807.
  • Intelligence agencies from ten countries issued warnings in 2026 regarding Chinese groups’ use of IoT devices and routers to build large-scale covert botnets.

China Cybersecurity Market Revenue Growth Statistics

  • China’s cybersecurity market revenue is projected to surge from $5.33 billion in 2016 to $31.41 billion in 2027, nearly a 6x increase.
  • Market revenue crossed the $10 billion mark in 2021, reaching $11.20 billion.
  • The industry expanded from $14.05 billion in 2022 to $16.58 billion in 2023, adding over $2.5 billion in one year.
  • Revenue is forecast to reach $22.82 billion in 2025, reflecting strong demand for cybersecurity solutions and services.
  • Between 2025 and 2027, the market is expected to grow by $8.59 billion, from $22.82 billion to $31.41 billion.
  • China’s cybersecurity market is projected to exceed $26 billion in 2026, reaching $26.78 billion.
  • The market grew by approximately 110% between 2020 ($9.17 billion) and 2027 ($31.41 billion).
  • Annual revenue increased steadily every year, with no recorded declines between 2016 and 2027.
  • The largest year-over-year increase is forecast between 2026 and 2027, with revenue rising by $4.63 billion.
  • Cyber Solutions remain the dominant segment throughout the period, accounting for the majority of market revenue.
China Cybersecurity Market Revenue By Segment 2016 2027
Reference: China Briefing

Chinese Cyber Attack Statistics by Target Country

  • Chinese APT group Salt Typhoon infiltrated over 200 targets across 80 countries globally.
  • Hackers linked to China breached all 4 major telecommunications providers in Singapore during 2026.
  • The Chinese state-sponsored group Storm-0558 compromised 22 enterprise organizations and over 500 individuals globally.
  • The Volt Typhoon threat actors maintained undetected access to U.S. critical infrastructure for at least 5 years.
  • Chinese state-backed hackers successfully compromised the emails of 68 officials at the Cuban embassy in 2026.
  • Authorities announced a $10 million bounty for information on individuals associated with the Chinese group Salt Typhoon.
  • Chinese espionage hackers accessed the metadata of over 1 million users in the Washington D.C. area.
  • China and three other nations sponsored 77 percent of all state-directed cyber operations globally.

Chinese Cyber Attack Statistics by APT (Advanced Persistent Threat) Group

  • Volt Typhoon maintained unauthorized access to U.S. critical infrastructure for up to 300 days.
  • Salt Typhoon operations breached over 200 organizations across more than 80 countries by 2025.
  • APT41 espionage campaigns targeted and tracked network activity across more than 30 countries.
  • Flax Typhoon operators controlled a massive botnet infrastructure of hundreds of thousands of compromised IoT devices.
  • APT41 hackers successfully exploited SQL injection vulnerabilities in 43 out of 86 probed web applications.
  • Major cyberattacks by Chinese APT groups on local governments were observed across 44 U.S. states during 2025.
  • RedHotel leveraged multiple zero-day vulnerabilities to compromise telecommunications during 2024 and 2025.
  • Mustang Panda remained highly active by launching targeted espionage campaigns across 2 major continents.

Chinese Cyberattacks on Taiwan’s Critical Infrastructure by Sector

  • Energy experienced the largest surge in cyberattacks, with incidents skyrocketing by 1,000%, making it the most targeted critical infrastructure sector.
  • Emergency rescue and hospitals recorded a 54% increase in cyberattacks, highlighting growing threats to public safety services.
  • Communications and transmission networks saw cyberattacks rise by 6.7%, indicating continued pressure on essential connectivity systems.
  • Science parks and industrial parks reported 0% growth, showing attack levels remained stable year over year.
  • The food sector also recorded 0% growth, with no significant change in cyberattack activity.
  • Administration and government agencies experienced a 7.4% decline in cyberattacks compared to the previous year.
  • Transportation infrastructure saw cyberattack activity fall by 17.65%, marking a notable reduction in threats.
  • The finance sector recorded a substantial 42.8% decrease in cyberattacks, one of the largest declines among all sectors.
  • Water resources experienced the steepest drop in cyberattacks, declining by 50% year over year.
  • The data shows cyberattack growth was heavily concentrated in energy, healthcare, and communications, while most other sectors saw stable or declining attack levels.
Growth Of Chinese Cyberattacks
Reference: Taipei Times

Chinese Cyber Attack Statistics by Threat Vector and Vulnerability Exploited

  • Over 60% of Chinese state-sponsored intrusions in 2024–2025 exploited publicly known vulnerabilities.
  • Edge devices accounted for more than 50% of initial access vectors for Chinese espionage groups.
  • Cisco device vulnerabilities were exploited in nearly 80% of targeted telecommunications campaigns in 2025.
  • Stolen administrator credentials were utilized in approximately 75% of long-term network breaches.
  • Living-off-the-land techniques were observed in up to 90% of Volt Typhoon critical infrastructure intrusions.
  • Web shell deployments made up over 65% of all persistence mechanisms across compromised enterprise networks.
  • Cloud service abuse to conceal command-and-control traffic increased by a significant 45% during 2025.
  • Supply chain vulnerabilities provided single-point access to an average of 200 downstream organizations.
  • Compromised IoT devices contributed to massive proxy botnets exceeding 200,000 active nodes.

Critical Infrastructure Chinese Cyber Attack Statistics

  • Volt Typhoon hackers maintained persistent access to U.S. networks for over 5 years.
  • Government investigations found operators targeted critical infrastructure in at least 23 U.S. states.
  • Nation-state cyber attacks on critical infrastructure doubled from 20% to 40% recently.
  • The FBI successfully neutralized a covert botnet comprising hundreds of compromised SOHO routers.
  • Intelligence assessments repeatedly highlighted vulnerabilities across 4 major sectors, including water and energy.
  • Analysts note 98% of organizations rely on vendors breached within the past 2 years.
  • The U.S. government released 2 major joint advisories regarding Chinese pre-positioning campaigns by 2024.
  • Hackers successfully exfiltrated up to 20 TB of sensitive data during significant related network breaches.

Key Objectives of China-Linked Cyber Operations

  • Espionage & Intelligence Gathering dominates China-linked cyber operations, accounting for 45% of all observed objectives.
  • Intellectual Property Theft represents 27% of activities, highlighting a strong focus on acquiring proprietary technologies and trade secrets.
  • Collection of Strategic Economic Information makes up 15% of operations, targeting valuable economic and business intelligence.
  • Attempts to gain an Infrastructure Access account for 8%, indicating interest in critical systems and networks.
  • Other Objectives comprise the remaining 5% of China-linked cyber activities, reflecting a smaller range of miscellaneous goals.
Most Common Objectives Of China Linked Cyber Operations

State-Sponsored Cyber Espionage Statistics

  • Global state-sponsored cyber operations linked to China escalated by 150% over the past year.
  • Targeted espionage attacks on critical manufacturing and industrial sectors surged by up to 300%.
  • Hackers launched an average of 2.63 million daily intrusion attempts against regional critical infrastructure.
  • Security researchers formally identified seven new Chinese advanced persistent threat (APT) groups.
  • Over 79% of initial network breaches were completely malware-free, utilizing stolen credentials for stealth.
  • The average breakout time for lateral network movement dropped to a record low of 48 minutes.
  • More than 50% of these cyberattacks directly exploited unpatched hardware and software vulnerabilities.
  • Valid cloud account abuse accounted for 35% of incidents targeting telecommunications and government servers.
  • The use of AI-driven voice phishing to harvest sensitive access credentials skyrocketed by 442%.

Government and Defense Sector Targeting Statistics

  • Chinese-nexus adversaries escalated state-sponsored cyber operations by 150% during 2024.
  • Critical industries experienced a 300% spike in targeted attacks from cyber espionage groups.
  • Government and military organizations faced an average of 1,661 cyberattacks per week globally.
  • The Salt Typhoon threat group infiltrated over 200 targets across more than 80 countries in 2025.
  • The U.S. Department of Defense invested $13.5 billion in its cybersecurity strategy for FY 2024.
  • The global defense cybersecurity market is projected to reach $26.36 billion by 2026.
  • Espionage motivations accounted for approximately 4% of all cyberattacks targeting sensitive sectors.
  • Roughly 75 zero-day vulnerabilities were identified in 2024, often exploited by state-sponsored actors.

Financial and Economic Impact of Cyber Attacks: Statistics

  • Chinese intellectual property theft costs the U.S. economy between $225 billion and $600 billion annually.
  • The global average cost of a corporate data breach reached $4.44 million per incident in 2025.
  • Public companies face short-term stock price declines ranging from 3% to 7% following a breach disclosure.
  • Critical infrastructure operators spend 6 to 18 months strictly on recovery and security modernization.
  • The total cost of cybercrime worldwide is forecasted to reach $10.5 trillion to $23 trillion by 2027.
  • The healthcare sector experiences the highest financial impact, with data breaches averaging $7.42 million.
  • Advanced nation-state intrusions typically impose direct remediation costs exceeding millions of dollars per incident.
  • Implementing AI-driven security automation reduces average breach costs by $1.9 million for enterprises.
Average Financial Cost Of Cyber Breaches By Category

Telecommunications and Technology Sector Attack Statistics

  • At least 9 major telecommunications providers were publicly compromised by Salt Typhoon operations during 2024–2025.
  • Telecommunications networks across more than 80 countries were affected by massive Chinese espionage activity.
  • Threat actors successfully accessed the sensitive call metadata of over 1 million users in the targeted regions.
  • Attackers maintained persistent access with average dwell times exceeding 200 days in telecom backbone systems.
  • Cyber breaches targeting the technology sector and managed service providers surged by an estimated 124%.
  • At least 8 large U.S. telecom companies suffered severe network intrusions specifically for surveillance operations.
  • Advanced cyber operations successfully targeted and infiltrated satellite communications infrastructure in 2025.
  • Threat actors exploited over 3,500 zero-day vulnerabilities to breach cloud computing and communications networks.

Intellectual Property Theft and Espionage Statistics

  • Intellectual property theft by China costs the U.S. economy between $225 billion and $600 billion annually.
  • The FBI opens a new China-related counterintelligence case approximately every 10 hours.
  • Around 80% of U.S. economic espionage prosecutions explicitly involve the Chinese government.
  • Over 2,000 active FBI investigations currently focus on Chinese entities stealing critical technology.
  • Approximately 20% of U.S. corporations report having their intellectual property stolen by Chinese-linked actors.
  • A staggering 46% of reported Chinese espionage incidents involve cyber espionage by state-affiliated hackers.
  • Documented global cybercrime losses linked to intellectual property theft reached $16.6 billion in 2024.
  • Authorities recorded 224 distinct incidents of Chinese espionage targeting U.S. institutions from 2000 to 2023.
  • Malicious phishing and social engineering techniques successfully account for 42% of all IP theft breaches.

China Cybersecurity Software Market Share by Segment

  • Endpoint Security leads the market with a 20% share, making it the largest cybersecurity software segment in China.
  • Cloud Security accounts for 18%, reflecting strong demand for cloud infrastructure protection.
  • Network Security Software holds 15% of the market, highlighting continued investment in network defense.
  • SIEM & Analytics also captures 15%, underscoring the importance of threat monitoring and analytics.
  • IAM (Identity and Access Management) represents 12%, driven by growing identity security needs.
  • Data Security contributes 10%, emphasizing the protection of sensitive business information.
  • Application Security makes up 10%, showing steady focus on securing software and applications.
China Cybersecurity Software Segment
Reference: Mark & Spark Solutions

Data Breach and Data Exfiltration Statistics

  • Data exfiltration was observed in 80% of cyber attacks, confirming data theft as the primary objective.
  • The global average cost of a data breach currently stands at $4.44 million.
  • Over 87% of companies reported being affected by data theft, espionage, or sabotage in the past year.
  • Human error is directly responsible for driving 95% of all data breaches.
  • Ransomware was actively involved in 44% of data breaches globally.
  • Data recovery costs for stolen organizational information can escalate to $9,000 per minute.
  • Third-party data breaches currently account for 35.5% of total security incidents.
  • Automated data exfiltration remains a top insider threat concern for 61% of security professionals.
  • AI-powered phishing is forecasted to cross 42% of all global intrusions.

Chinese Cyber Attack Statistics: Dwell Time and Breakout Metrics

  • Volt Typhoon actors have been documented maintaining undetected network access for up to five years in certain environments.
  • The global median dwell time specifically for cyber espionage operations has risen to 122 days.
  • Security analysis reveals that the long tail of targeted China-nexus network intrusions can stretch beyond 600 days.
  • The advanced group Salt Typhoon successfully maintained undetected persistence inside a major telecom network for three years.
  • The average attacker breakout time dropped to 29 minutes, with the absolute fastest recorded at just 27 seconds.
  • During rapid intrusions, active data exfiltration has been observed commencing within four minutes of the initial access.
  • The median handoff time between an initial compromise and a secondary threat group has collapsed to exactly 22 seconds.
  • Nearly 67% of the specific vulnerabilities exploited by China-linked actors provided them with immediate system access.
  • Exploited identity weaknesses and compromised credentials were the primary factors in 90% of advanced threat investigations.
  • China-linked cyber espionage operations targeting the critical logistics sector experienced a significant 85% increase.

Supply Chain Attack Statistics

  • Third-party breaches account for 30% of all data breaches, representing a 100% increase.
  • The global average cost of a supply chain breach recently reached $4.91 million.
  • Industry surveys reveal that 75% of organizations experienced a software supply chain attack within the last year.
  • Supply chain attacks doubled in frequency to average 26 incidents per month by mid-2025.
  • Supply chain cyberattacks grew 61% year-on-year in the highly interconnected manufacturing sector.
  • It takes organizations an average of 254 days to successfully detect and contain a supply chain breach.
  • Approximately 31% of enterprise businesses were directly impacted by a supply chain attack.
  • Malicious threats discovered in open-source repositories surged by an unprecedented 1,300%.
  • Global annual costs of software supply chain attacks are projected to reach $60 billion by the end of 2025.
The Widespread Impact Of Supply Chain Attacks

DDoS and Network Disruption Statistics

  • In 2024, authorities disrupted a Chinese-linked botnet infrastructure that included more than 200,000 compromised devices globally.
  • Global distributed denial-of-service (DDoS) attacks reached a record 47.1 million in 2025, representing a 121% increase over the previous year.
  • The largest recorded DDoS attack reached a massive 31.4 terabits per second (Tbps) and concluded in just 35 seconds.
  • The frequency of hyper-volumetric attacks exceeding 1 Tbps grew by more than 700% between late 2024 and 2025.
  • Massive IoT botnets utilize an estimated 1 to 4 million hijacked residential and small-business devices to execute scalable network disruptions.
  • Telecommunications networks accounted for 21% of all targeted DDoS traffic in early 2025, impacting broad geographic regions.
  • The government sector remained the most targeted industry globally, receiving 28% of all network disruption traffic in early 2025.
  • Despite increasing traffic volumes, 89% of all modern network disruption attacks now conclude in under 10 minutes.
  • Volumetric DDoS attacks directed against the global financial services sector experienced a 738% increase in median attack duration in 2025.
  • Advanced probing attacks used to map API vulnerabilities and test critical infrastructure defenses spiked by 428% year-over-year.

Modern Chinese Cyber Attack Statistics: AI and Emerging Threat Tactics

  • AI-enabled cyber attacks increased by 89% in 2025, heavily driving automated infrastructure discovery and advanced threat reconnaissance.
  • Generative AI-assisted phishing campaigns and targeted social engineering operations surged by an unprecedented 1,265% globally.
  • The average attacker breakout time drastically dropped to just 29 minutes in 2025 due to the high efficiency of machine learning exploitation.
  • Deepfake social engineering and AI-manipulated deception operations experienced a 53% measurable increase across targeted global sectors.
  • Automated credential harvesting campaigns now effectively process more than 600 million identity and password attacks on a daily basis.
  • Over 82% of newly detected advanced intrusions are entirely malware-free, heavily utilizing encrypted cloud communications and stealth methods.
  • Automated vulnerability exploitation remained the leading initial infection vector in 32% of advanced persistent network intrusions.
  • Defenders deploying AI-powered detection systems successfully reduced their average cyber breach overall costs by $1.9 million.

Frequently Asked Questions (FAQs)

How many countries did the Salt Typhoon campaign affect?

Salt Typhoon reportedly targeted or compromised organizations across 80+ countries and 200+ organizations.

How many China-origin attack attempts were recorded against telecom decoy systems?

More than 72 million China-origin attack attempts were recorded between August 2023 and August 2025.

How much did China-linked cyber espionage activity increase in 2024?

Reported China-nexus cyber espionage activity surged by 150% overall in 2024, with some sector attacks rising by up to 300%.

How large was the Chinese state-sponsored Raptor Train botnet?

The Raptor Train botnet compromised 200,000+ SOHO and IoT devices worldwide.

How much does Chinese IP theft cost the U.S. economy each year?

The estimated annual U.S. economic cost ranges from $225 billion to $600 billion.

Conclusion

Chinese cyber operations continue to evolve in scale, sophistication, and strategic importance. Statistics show sustained targeting of telecommunications providers, government agencies, critical infrastructure operators, technology companies, and defense-related organizations worldwide. Campaigns such as Salt Typhoon, Volt Typhoon, Flax Typhoon, and other state-linked operations demonstrate a shift from traditional intelligence gathering toward long-term infrastructure access and operational pre-positioning.

At the same time, organizations face growing risks from supply chain compromises, cloud-based attacks, AI-assisted intrusion techniques, and large-scale data exfiltration operations. As governments and enterprises strengthen defenses, the data suggests that proactive threat hunting, continuous monitoring, supply chain security, and infrastructure resilience will remain essential priorities.

References

About Editorial Staff

We are the Team AI and we love to play with computers. We are very interested in and passionate about computer security. We have a long experience in removing computer virus . We review various antivirus programs on this blog. Team is manged by Barry.

Leave a Reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest