# Global Reach --- The New Scale of Chinese Cyberthreats

By [Dena De Angelo](https://www.paloaltonetworks.com/blog/author/ddeangelo/?ts=markdown "Posts by Dena De Angelo")

Jun 26, 2025

*Note: Quotes have been edited for clarity.*

**After decades of tracking Chinese nation-state actors, cybersecurity veterans have never witnessed the scale and
sophistication of threats we're seeing today. Organizations must fundamentally rethink their defensive posture to counter this escalating campaign.**

## **The New Reality of Attacks at Unprecedented Scale**

In a recent conversation on the [Threat Vector podcast](https://thecyberwire.com/podcasts/threat-vector/65/notes) with host David Moulton, Chief Security Intelligence Officer Wendi Whitmore of Palo Alto Networks puts today's threat landscape in stark historical perspective:

> I have been conducting investigations in this space specifically toward nation-state actors for almost 25 years. It's been a while, and we have never seen during that time frame, the scale of persistent threat activity that we're seeing today from Chinese nation-state threat actors.

Recent data validates this assessment. Chinese cyberattacks on Taiwan government departments doubled in 2024 from the previous year to an [average of 2.4 million attacks a day](https://www.reuters.com/technology/cybersecurity/chinese-cyberattacks-taiwan-government-averaged-24-mln-day-2024-report-says-2025-01-06/), while China-nexus activity has surged by 150% overall.

The numbers tell only part of the story -- attackers now operate with unprecedented speed. "We're looking at within hours, and in some cases *minutes,* of mass vulnerabilities being identified and then systems, applications and services being identified for future exploitation," Whitmore explains. This acceleration mirrors data from the [Unit 42 Incident Response Report](https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/), which shows software and API vulnerabilities now account for 38.60% of initial access in attacks, up from 28.20% the previous year.

## **Testing Infrastructure for Future Conflict Beyond Traditional Espionage**

Chinese threat actors aren't just stealing data; they're positioning themselves strategically.
Whitmore describes operations that span entire governments: "Last year, we released research on about 23 different government organizations in Cambodia being compromised at nearly the same time. So we're looking at whole-of-government scale operations."

The targeting extends globally with calculated precision. "If you're an ally of the Chinese government, you are just as likely to be impacted by espionage as people who are not on the top of that ally list," Whitmore notes.

Attacks by Chinese Communist Party (CCP)-backed groups on U.S. critical infrastructure have been used periodically to test access to systems and see whether vulnerabilities get patched, indicating threat groups are lying in wait.

Additionally, the geographic focus reveals strategic intent. Many of the attacks have targeted critical infrastructure in Guam and the West Coast of the U.S., likely indicating the CCP's focus on Taiwan and on ensuring the U.S. cannot efficiently respond to potential conflict scenarios.

## **Where Technology Meets the Human Factor**

Whitmore emphasizes that cybersecurity challenges extend far beyond technical solutions. The human element creates both vulnerabilities and opportunities that organizations must address comprehensively.

##### Critical Human Vulnerabilities

* **Password reuse across environments**: "What you have is administrators who have a tough job to do. They're pulled in a million different directions, and so what happens? They sometimes reuse passwords both within the corporate IT environment, as well as the industrial control systems environments."
* **Operational priorities conflict**: Legacy systems "were not designed with security in mind. They were designed with uptime and availability as their primary goal."
* **Cultural resistance to change**: Organizations need "a cultural mindset shift" to effectively integrate security into operational technology environments.
##### The Human Solution Framework

* **Comprehensive stakeholder involvement**: Effective preparation "cannot be just security professionals who are involved in that. It really needs to be from the boardroom to the security operations center."
* **Extended ecosystem engagement**: Include "Partners, vendors, external counsel, law enforcement, and even better yet, bring the regulators into the dialogue."
* **Relationship building before crisis**: "The most prepared organizations we see are having that level of dialogue, preparedness and making sure that those relationships are in place in advance of an attack."

## **The Indiscriminate Data Grab Strategy**

Today's attackers have abandoned selective targeting for wholesale collection. The Unit 42 report shows that 93% of cases investigated in 2023 involved indiscriminate data theft, up from 81% in 2022 and 67% in 2021. This shift reflects both automated tool availability and attackers' recognition that bulk data often reveals valuable targets when analyzed later.

Whitmore describes the threat actors' scale:

> Their ability to operate and collect information and data at scale -- whether it's from critical infrastructure entities, whether it's for corporate espionage purposes, whether it's simply data collections to be used for a later time.

## **Breaking Down Barriers Through Human Connection**

Despite escalating threats, Whitmore identifies effective intelligence sharing as a significant improvement driven by human relationships and crisis catalysts. "I do think intel sharing is happening more effectively than ever before," she explains. "People are in Slack channels together. They're on the phone together on a daily basis, sharing information in real time."

The transformation stems from a shared purpose of overcoming competitive barriers. "The Russia-Ukraine invasion really was a catalyst for a lot of that," Whitmore notes. "When it actually came time to say, 'Wow, okay.
There are people's lives we need to protect here.' I think a lot of those barriers broke down between competitors in particular."

For intelligence sharing to succeed, Whitmore emphasizes it "needs to be contextualized and actionable, and it can't be slow and gated and working through bureaucratic means."

## **Preparing for AI-Accelerated Threats**

[Generative AI](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security) played a pivotal role in enabling many malicious attacks during 2024, from creating convincing fake job candidates to disrupting elections. Whitmore advocates for defensive AI adoption but clarifies the human role: "Organizations should be fighting AI with AI, but that term can be misinterpreted or it can be kind of ambiguous."

Her vision balances automation with human expertise:

> Organizations need to be looking at, on the defensive side, how they implement AI into their workflows to give them increased visibility and increased speed to detect threats. There is no way that we are going to defeat these adversaries if we are working at manual speed and not taking as many of the manual tasks away from humans -- letting machines do those and letting humans do what we do best, which is work on solving the most challenging problems.

## **Comprehensive Scenario Planning, Beyond Technical Exercises**

Effective preparation requires thinking beyond immediate organizational boundaries. Whitmore describes comprehensive planning: "They're not only looking at: What happens if our organization goes down? But, they're looking at what if one of my most critical supply chain providers goes down? What do we do then? How do we communicate with them during this event?"

The planning must address practical details, she notes: "That's everything from the hardware that may be required to run the network, to what email devices \[or\] what email accounts are we going to communicate from, right?
All of those are things that should be included in that preplanning."

Real-world examples demonstrate the scope required. Whitmore describes the [Olympics preparation](https://www.paloaltonetworks.com/blog/2024/07/cybersecurity-training-for-the-paris-2024-olympics/): "We worked with critical infrastructure providers who are providing power to the games, transportation, rail lines, airways, buses, infrastructure providers ... like the actual physical security at these events. And then all of the financial processing systems."

## **"Shields Up" --- The New Normal Requires Human Leadership**

"Cybersecurity has never been more important than it is today," Whitmore concludes. "Know that other nation-state adversaries throughout the world are leveraging cybersecurity to attack us, to attack our allies. And investments need to be made in making sure their defenses are consistent with a shields-up posture all of the time."

Organizations can no longer treat cyberthreats as episodic risks requiring only technical solutions. Success demands human leadership that recognizes relationships, communication and cultural change as essential components of effective cybersecurity.

As the Unit 42 Incident Response Report shows, attackers are moving toward "more technologically advanced -- and perhaps more efficient -- infiltration methods," making the human aspects of preparation, coordination and rapid decision-making as critical as any technology deployment.

The scope and sophistication of Chinese nation-state operations demand recognition that cybersecurity is fundamentally a human challenge enabled by technology, not the reverse.

## Beyond Technical Fixes

The unprecedented scale and sophistication of today's cyber threats, particularly from Chinese nation-state actors, demand more than incremental improvements to existing defenses.
Organizations need comprehensive strategies that combine advanced technology with strong human leadership, proactive relationship building and cultural transformation.

As Whitmore emphasizes, "Cybersecurity has never been more important than it is today." The question isn't whether your organization will face these threats, but whether you'll be prepared when they arrive.

## Ready to Learn More?

For deeper insights into threat trends, attack methodologies, and defensive strategies, dive into the complete [Unit 42 2024 Threat Report](https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/).