China’s Expanding Global Intelligence Footprint In The Digital Age

Espionage is not an unusual affair in international politics; it is one of the system’s most common habits. Since strategic surprises are expensive and uncertainty is dangerous, states have always tried to find out what their competitors are planning, what technologies they have, what their goals are, and how can they respond. The United States, the United Kingdom, and the Soviet Union all built robust intelligence enterprises in the 20^th century that included human sources, signals intelligence, and covert action programs. Espionage has not gone away in the 21^st century; instead, with the help of technology, it has gotten bigger, faster, and more powerful. The methods changed in the intelligence competition, and so did the major players.

China has become a rising power with global ambitions, and its intelligence apparatus abroad reflects this ambition. For some observers, China is “spying everywhere”; for others, it is acting like any other major power, but with unique advantages stemming from its industrial capacity, digital ecosystems, and extensive state-market coordination. Understanding the scope and logic of China’s expanding intelligence footprint is essential for policymakers, businesses, and researchers navigating an era where technology and security are deeply intertwined. This article aims to clarify how China’s intelligence model operates, why it matters for global power competition, and what its rise means for the balance of international strategic influence.

China’s global intelligence footprint blends traditional human intelligence with offensive cyber operations and large-scale data collection, alongside the strategic use of technological and commercial dependencies. Campaigns such as Salt Typhoon illustrate how state-linked actors have targeted telecommunications and critical infrastructure networks to obtain sensitive information and strategic access. Western security agencies frequently warn that Chinese intelligence services and state-linked actors target sensitive information and intellectual property across government, industry and academia. In 2018, the U.S. Department of Justice charged members of the China-linked APT10 group with conducting a global cyber-espionage campaign against managed service providers to steal commercial and technological data from multiple countries. In the United Kingdom, parliamentary and intelligence reporting has repeatedly highlighted concerns about large-scale Chinese espionage and influence activities across government, industry, and academia. A recent House of Commons Library briefing summarises warnings from MI5 and other agencies that China-linked actors target sensitive technologies, universities and political institutions, while MI5 Director-General Ken McCallum has publicly described Chinese intelligence activity as a “game-changing” strategic challenge affecting multiple public and private sectors. Parliamentary oversight bodies have similarly noted risks to research institutions and advanced technology industries, underscoring the breadth of concern across the UK national security community. In October 2023, Five Eyes intelligence chiefs publicly warned about widespread Chinese espionage targeting critical infrastructure sectors. U.S. and allied authorities have sanctioned individuals associated with China’s Ministry of State Security (MSS) for global hacking operations targeting intellectual property and government data, while coordinated advisories from the US, UK, and  European states have reinforced these warnings.

Beijing maintains that China is a frequent target of foreign espionage and has expanded its domestic counter-espionage posture in recent years, reflecting an official view that information competition is a permanent feature of great power rivalry. In April 2023, China adopted a revised Counter-Espionage Law that broadened the definition of protected “documents, data, materials and items” related to national security and expanded the scope of activities considered espionage, including cyber intrusions against state organs and critical infrastructure. The law also made it clear that cyber-attacks on state organs or critical information infrastructure are now considered espionage. This is important because it shows a two-way, contradictory dynamic: China’s intelligence work abroad and its tightening of security at home are both getting stronger because of growing geopolitical tensions.

China’s Intelligence: From HUMINT to Cyber-Enabled Collection

China’s intelligence services—particularly MSS—have historically relied on human intelligence (HUMINT) operations to identify, assess and recruit individuals with access to sensitive information in government, research, and industry. What appears different today is the extent to which digital technologies have lowered the cost and expanded the reach of recruitment. Western security agencies have warned that Chinese intelligence actors increasingly use online platforms, professional networking sites and academic contacts to identify and approach potential sources. For instance, European and U.S. counter-intelligence officials have documented cases in which Chinese operatives used LinkedIn and other digital platforms to contact government employees, researchers, and industry professionals as part of recruitment efforts. These methods reflect a broader shift in modern espionage: initial contact may arise opportunistically through digital networks, but the objective remains targeted—gaining access to a small number of well-placed individuals whose knowledge of advanced technology can yield significant intelligence value.

Recent reports on Taiwan’s rise in counterespionage show how China’s modern recruitment strategy can start with exploiting everyday weaknesses like debt and job hunting. Taiwan has publicly reported a sharp increase in espionage-related prosecutions in recent years, with cases often involving military personnel and veterans, illustrating how intelligence penetration becomes part of broader coercive strategy and psychological pressure in contested theatres. Taiwan is a unique case because of the conflict across the strait, but its experience makes a bigger point: digital life makes it easier for intelligence agencies to recruit.

Cyber-enabled espionage has become as central as HUMINT in contemporary intelligence competition. Governments increasingly attribute major cyber campaigns to actors linked to MSS. While earlier cases such as the 2018 U.S. indictment of APT10 highlighted long-running global intrusions linked to China, more recent attributions reinforce the pattern. In May 2025, NATO issued a statement of solidarity with the Czech Republic following a malicious cyber campaign attributed to actors linked to the Chinese state, underscoring allied concern about state-sponsored cyber operations targeting government institutions. Western governments such as Canada, Finland, France, Germany, Sweden, Switzerland and cybersecurity agencies have similarly warned that China-linked hacking groups continue to target critical infrastructure systems across multiple regions. The UK’s National Cyber Security Centre has repeatedly identified China-associated threat actors as persistent threats to British organisations, reflecting a broader consensus among allied governments that cyber-enabled intelligence collection is now a core instrument of strategic competition.

By leveraging cyber proxies and commercial intermediaries, Beijing can expand its intelligence reach at relatively low cost while reducing political risk. Campaigns such as “Operation Cloud Hopper,” which targeted managed service providers to gain “one-to-many” access to corporate and government networks, illustrate how China-linked actors can collect large volumes of technological information efficiently. The significance for global security is clear. Such methods allow China to scale intelligence collection across multiple countries and sectors simultaneously, reinforcing its ability to support economic competition, technological advancement and strategic decision-making without relying solely on traditional espionage channels.

Space and Remote Sensing As Strategic Enablers

Space-based intelligence, surveillance and reconnaissance (ISR) have become a central pillar of China’s expanding global intelligence architecture. Over the past decade, China has rapidly developed a large network of Yaogan and Gaofensatellites capable of high-resolution imaging, electronic intelligence collection and maritime surveillance, allowing persistent monitoring of military facilities, sea lanes and strategic infrastructure across Asia and beyond. Chinese commercial satellite firms linked to the state have also drawn attention for providing high-resolution imagery to support Russia’s operations in Ukraine, illustrating how commercial–state integration can extend Beijing’s intelligence reach while maintaining plausible deniability.

These satellite capabilities are increasingly integrated with AI-enabled analytics, creating a fused intelligence system that supports military planning, industrial policy and geopolitical positioning. The significance for the broader argument is clear: China’s intelligence expansion is not only about spying in the traditional sense but about building a technologically integrated information ecosystem that enhances its ability to project strategic power globally.

Law, Obligation, and the Gray Zone of “Assistance”

One reason people are so interested in China’s rise in intelligence is the legal and institutional framework that protects state security. A well-known part of China’s National Intelligence Law, first adopted on June 27, 2017 then amended in 2018, says that businesses and people must “support, assist, and cooperate” with national intelligence work while keeping intelligence secrets safe. Policymakers have argued that China’s intelligence laws create structural risks for companies operating in or connected to China because compliance obligations may not always be transparent to foreign partners, raising concerns that firms could be required to assist state intelligence activities. Beijing, however, maintains that China is not unique in granting broad national-security powers to its authorities and notes that many countries possess comparable legal provisions.

The Countermove: China As A Hypervigilant, Counter-Intelligence State

It is analytically deficient to characterize China solely as an “exporter” of espionage. CCP leaders often hold that foreign spies and “hostile forces” are threatening the country’s security. Since mid-2023, the MSS has used public communications, like social media messages, such as WeChat and Weibo to warn citizens about foreign spies and national security threats. For example, In 2023–2024, China’s Ministry of State Security published a series of articles through its official WeChat and Weibo accounts warning about foreign recruitment efforts targeting students, researchers and government personnel and encouraging citizens to report suspicious contacts. For example, in August 2023 the MSS launched its first official social media accounts and issued public advisories cautioning against espionage risks linked to academic exchanges and overseas study, while subsequent posts in 2024 promoted reporting hotlines and described alleged foreign recruitment tactics aimed at young professionals and researchers

This shows that the country is taking a more defensive approach to counterintelligence. China’s new counter-espionage law and the strategic communication around raids and investigations of foreign consultancies show a focus on security that sees gathering information and business intelligence as possible espionage risks.

There are two strategic effects of this internal crackdown. First, it makes things less certain for foreign businesses and researchers working in China, which could make it harder for them to do proper due diligence, share ideas, and assess corporate risk. Second, it gives the state more power to handle stories about outside threats, which can be used to support stricter internal controls. The result is a more secure global information environment, where both China and its competitors assume the worst and make decisions based on distrust.

The Politics of Attribution

Because intelligence activity is inherently secretive, public understanding often relies on partial evidence such as indictments, court filings, technical advisories and investigative reporting. U.S. legal cases in particular offer rare insights into alleged Chinese operational tradecraft. In 2025, the U.S. Department of Justice charged two individuals accused of acting as agents of the PRC government and attempting to recruit U.S. military personnel for intelligence purposes. In another case, U.S. authorities charged individuals linked to China’s MSS for long-running cyber intrusions targeting IP theft across multiple countries. European governments have also issued public attributions: in 2025 the Czech Republiclinked a cyber campaign against its foreign ministry to actors associated with China, a claim later supported by a NATO statement of solidarity.

These cases matter politically because they translate intelligence concerns into judicial and diplomatic narratives. At the same time, attribution remains complex. Governments publicise selected cases while keeping others classified, meaning that the public typically sees only fragments of a much broader counter-intelligence contest.

This selective visibility can create the impression that Chinese intelligence activity is ubiquitous. Contemporary intelligence competition is continuous, multi-layered and embedded within global digital networks. The perception of “spying everywhere” reflects less the literal presence of agents in all domains than the extent to which hyperconnectivity has blurred the boundaries between civilian, commercial and security infrastructures, allowing states to exploit interconnected systems for intelligence purposes.

China Is “Spying Everywhere”. What Can Its Competitors Do About It?

The popular frame shows three real dynamics. First, China has a lot of reasons to gather strategic information to help its economy grow, its military become more lethal, and its soft power competitive. Second, China’s size—industrial, technological, and human—gives it a lot of power, especially when combined with the government’s ability to work together and make policies. Third, the digital age opens more ways for agents to spy on each other, which makes it easier for them to get around traditional counter-intelligence barriers.

However, the frame also leaves out some important details. It downplays the fact that espionage is a two-way street: China is also a target, and it is responding by giving more power to counterespionage agencies and raising awareness among its people. However, this framing also obscures several important analytical considerations. It tends to understate the reciprocal nature of espionage, in which China is not only an active intelligence collector but also a frequent target of intelligence operations and has responded by strengthening domestic counter-espionage authorities and public vigilance. It further risks overstating the role of technological tools while overlooking the extent to which contemporary intelligence advantages derive from access to data ecosystems, digital infrastructures and systemic vulnerabilities. Finally, by reducing a complex strategic competition to a singular narrative of pervasive espionage, such framing may inadvertently encourage broad societal generalisations, with potential consequences for limiting academic exchange, technological collaboration, and the openness that underpins innovation in democratic societies.

For the United States, its allies in Europe, and other states that aim to compete with China, the central policy challenge is not simply the existence of Chinese espionage but the erosion of trust in the global technological environment. Governments across the transatlantic community and in Indo-Pacific partner states increasingly face the task of protecting sensitive technologies while maintaining open markets and scientific collaboration. A practical response therefore begins with strengthening resilience: hardening critical infrastructure, improving cyber hygiene, reducing high-risk single-vendor dependencies in strategic sectors, and clarifying research-security guidelines for universities and industry without undermining legitimate international cooperation. Official advisories from the United States, the United Kingdom, the European Union and allied partners increasingly stress that basic defensive measures—network monitoring, patching, segmentation and incident-response preparedness—remain essential because sophisticated state-linked actors often exploit routine vulnerabilities rather than highly specialised tools. This emphasis is reflected in policy initiatives such as the European Union’s NIS2 Directive, which requires member states and critical-infrastructure operators to strengthen cybersecurity risk management and reporting standards, and the United States’ Clean Network initiative launched in the first Trump administration, which sought to reduce reliance on high-risk telecommunications vendors in sensitive digital ecosystems. These measures illustrate how Western governments are translating intelligence concerns about China and other state actors into broader resilience and supply-chain security policies.

For China’s competitors, effective counterintelligence must also remain targeted and proportionate. Excessively broad restrictions on technology exchange, foreign direct investment or academic collaboration risk producing unintended consequences, such as reduced innovation, diminished talent flows and the politicisation of diaspora communities whose cooperation is often essential for scientific and commercial progress.

Policymakers in the United States, Europe, and like-minded Asian states therefore face a dilemma when it comes to China’s expanding intelligence footprint: deterring malign operations and protecting sensitive sectors while preserving the openness that sustains economic dynamism and alliance cohesion. In this context, intelligence competition should be understood not only as a struggle over secrets but also as a contest over governance models, technological standards, and the resilience of open societies in an era of great power rivalry.