Google Cloud: China Achieves “Cyber Superpower” Status

China has reached a “cyber superpower” status, which makes it extremely challenging to stop, according to Sandra Joyce, Vice President of Google Threat Intelligence Group.

Speaking to the press during the Google Cloud Next 2025 event, Joyce said that we are looking at a major increase in China’s cyber capability.

This includes continued growth in the exploitation of zero-day vulnerabilities in the wild by Chinese state hackers, which has risen exponentially since 2021.

A particularly concerning development is these actors’ ability to circumvent security controls and stay undetected in networks.

This was demonstrated by the prolonged cyber intrusion by the Volt Typhoon group in US government and critical infrastructure networks.

Joyce noted: “They’re leveraging what we’re calling the visibility gap, concentrating their efforts on those devices where endpoint detection and response solutions (EDRs) don’t traditionally operate, such as firewalls and edge devices.”

While Chinese state actors previously could be detected by identifying actor-controlled infrastructure used for intrusions, Joyce said they now use rented infrastructure, which is updated approximately every 30 days.

Another common technique employed by these groups is the use of commodity malware during the initial incursion, before deploying fully featured backdoors once full access is gained.

China Yet to Unleash Destructive Attacks

Notably, unlike the other three major nation-state cyber actors, China has yet to launch any destructive attacks, focusing solely on espionage. This is despite the access it has gained to critical infrastructure, such as energy and water, in the US and its allies.

“Russia has shown it to us many times over, Iran has shown it, North Korea has shown it, but China has not,” Joyce said.

Government officials have warned that China is likely pre-positioning itself in these systems to be able to launch destructive attacks in the event of escalating geopolitical tensions or military conflict.

“There’s likely a capability we haven’t seen but certainly espionage is first and foremost China’s big lever to pull,” Joyce explained.

Cybercriminals Remain the Primary Threat

Despite heightened concern about nation-state cyber activity, Joyce emphasized that financially motivated cybercriminals are responsible for most of the attacks seen today.

Heather Adkins, VP Engineering at Google, told Infosecurity that current threats from cybercriminals are also not especially novel, tending to leverage basic security failings such as credential compromise and phishing attacks.

“I actually think we know everything about what hackers are doing,” she noted.

However, the scale of such attacks is making a big difference. In particular, attacker platforms are becoming more automated, which is enabling campaigns to be conducted en masse.

In addition, this trend is lowering the barrier to entry for cybercriminals, who no longer require complex hacking skills.