We get used to the daily dose of news about hacking from Russia and North Korea, but China is an increasing threat in terms of cyber security. Today we have a special edition with three stories that illustrate the risks coming from China: concerns from Silicon Valley, a stunning report on how deeply China has infiltrated Canadian Government systems, and a botnet with Chinese origins that just won’t go away.
Chinese Spies Turn Up the Heat in Silicon Valley, Prompting Concerns Over Espionage
Silicon Valley, home to the world’s leading tech giants, has long been a breeding ground for innovation—and, increasingly, for espionage. Amid an escalating geopolitical struggle, Chinese spies are stepping up their operations in America’s tech hub, putting companies like Google, Tesla, and Apple directly in their crosshairs.
The most recent episode involved Linwei Ding, a Google employee, who was caught red-handed trying to steal trade secrets to launch his own company in China. Ding, who worked at Google’s California headquarters for four years, had covertly downloaded more than 500 files related to Google’s AI technology. Investigators also discovered that Ding had deceived a colleague into scanning his access badge to make it look like he was at the office when he was actually in China pitching to investors. On January 6, a day before Ding was set to leave for Beijing, FBI agents raided his home and seized his devices. Ding has pleaded not guilty, but his case is just the tip of a very large iceberg.
The FBI and other U.S. agencies are increasingly sounding the alarm on China’s corporate espionage operations. American authorities claim that China’s need for cutting-edge technology has grown more urgent due to strict export controls on advanced chips and AI systems. As a result, China’s Ministry of State Security (MSS) has allegedly turned to clandestine methods to bridge the technology gap. Beijing’s efforts have not just targeted Google—in recent years, individuals have been charged with stealing technology from companies including Tesla, Apple, and IBM, with the aim of transferring it back to China, often successfully.
“Virtually all PRC citizens who work in technology companies abroad are allowed by the MSS to steal proprietary information,” said Nigel West, an intelligence expert. “It’s state-sponsored theft, and it’s designed to give Chinese companies a competitive advantage without investing the time or money in R&D.” West describes a systemic effort that is state-backed, with Chinese nationals often facing no consequences if they take stolen technology home to exploit it for profit.
Recent publicized incidents are highlighting an intensifying battle over technology and innovation, with China appearing undeterred by U.S. legal action. Just this June, a Canadian national pleaded guilty to stealing battery manufacturing secrets from Tesla to launch a similar venture in China. In another instance, multiple former Apple employees were caught attempting to flee the U.S. with proprietary information related to self-driving car technology.
Last year, the U.S. launched a “Disruptive Technology Strike Force” to address high-tech theft, signaling a recognition of the scale of this threat. For Silicon Valley, this is not just about safeguarding intellectual property—it’s about maintaining the U.S.’s position at the forefront of global technology. Companies have stepped up their internal security measures, screening employees more rigorously, and working closely with federal authorities to counter these growing threats. But as Beijing’s ambitions grow, Silicon Valley’s tech giants are facing an uphill battle in defending themselves against espionage on an unprecedented scale.
Chinese Hackers Breached Canadian Government Systems for Five Years
Chinese hackers reportedly infiltrated Canadian government networks for five years, gaining access to sensitive information, according to the National Cyber Threat Assessment 2025-2026 report from Canada’s Cyber Centre, part of the Communications Security Establishment (CSE). The report claims the intrusions, attributed to Chinese state-sponsored actors, aimed to gain strategic, economic, and diplomatic leverage.
The hackers allegedly targeted a wide range of governmental systems, including federal, provincial, and Indigenous networks. The report states, “PRC state-sponsored cyber threat actors persistently conduct cyber espionage against federal, provincial, territorial, municipal, and Indigenous government networks in Canada.” Notably, members of the Inter-Parliamentary Alliance on China (IPAC), who have criticized the Chinese Communist Party, were targeted in 2021 through phishing emails designed to plant trackers on their devices.
The attackers were interested in sectors like advanced robotics, quantum computing, 6G networks, Web3 technology, and aviation, with private sector organizations in these fields also affected. Although the Cyber Centre claims that “all known federal government compromises” have been resolved, it warns that remnants of these attacks may still exist due to the extensive time and resources hackers invested in studying Canadian networks.
Earlier in 2024, the Canadian government had cautioned that Chinese threat actors conducted “multiple reconnaissance scans” on various government bodies, political parties, and critical infrastructure, underscoring the persistent risk these cyber-espionage campaigns pose to Canada’s security.
Chinese-Linked Botnet of Hacked TP-Link Routers Targets Microsoft Azure Accounts
Hackers linked to the Chinese government are using a large botnet of compromised TP-Link routers to conduct highly evasive password-spraying attacks on Microsoft Azure accounts, Microsoft warned this week. Dubbed “CovertNetwork-1658” by Microsoft, this botnet comprises thousands of routers, cameras, and Internet of Things (IoT) devices, posing a significant challenge for detection and mitigation.
The botnet, previously identified as Botnet-7777 by researchers in 2023, initially included over 16,000 devices. By rotating compromised routers’ IP addresses, hackers mask login attempts across multiple IP addresses, making it difficult for security systems to detect these password-spraying attacks. Microsoft notes that the botnet now averages around 8,000 active devices, largely composed of hacked TP-Link routers.
Some characteristics of the attacks make them especially difficult to identify. Hackers use low-volume login attempts to avoid triggering traditional security alerts, while frequently rotating IP addresses among a broad set of compromised Small Office/Home Office (SOHO) devices. Additionally, each device in the botnet operates for an average of 90 days before cycling out, complicating tracking and shutdown efforts.
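The evasion described above (low-volume attempts spread across rotating IPs) defeats detection that counts failures per source IP. The added Python example below, which is not from the article or from Microsoft, contrasts that per-IP detector with one that correlates failures across all accounts in a time window. The sign-in records and thresholds are constructed assumptions.

```python
"""Detect low-and-slow password spraying from rotating source IPs.

Added example, not from the original article or from Microsoft's tooling.
Sign-in records and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample failed sign-ins: (timestamp, username, source_ip).
# Each IP is used once or twice and each account fails once, which stays
# under any per-IP lockout or alert threshold.
SAMPLE_FAILURES = [
    ("2024-11-01T10:00:05", "alice", "203.0.113.10"),
    ("2024-11-01T10:02:41", "bob", "203.0.113.22"),
    ("2024-11-01T10:05:13", "carol", "198.51.100.7"),
    ("2024-11-01T10:07:50", "dave", "198.51.100.31"),
    ("2024-11-01T10:10:02", "erin", "192.0.2.14"),
    ("2024-11-01T10:12:37", "frank", "192.0.2.99"),
    ("2024-11-01T10:15:19", "grace", "203.0.113.77"),
    ("2024-11-01T10:17:44", "heidi", "198.51.100.58"),
    ("2024-11-01T12:30:00", "alice", "203.0.113.10"),  # isolated later failure
]

def per_ip_alerts(failures, threshold=5):
    """Classic detector: alert on any single IP with >= threshold failures.
    The distributed spray above never trips it (max two failures per IP)."""
    counts = defaultdict(int)
    for _, _, ip in failures:
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def distributed_spray_alerts(failures, window_minutes=30,
                             min_accounts=6, max_per_ip=2):
    """Bucket failures into fixed windows and alert when one window shows
    many distinct accounts from many distinct IPs while every IP stays at
    or below max_per_ip: the signature of a spray spread over a botnet."""
    window = timedelta(minutes=window_minutes)
    buckets = defaultdict(list)
    for ts, user, ip in failures:
        t = datetime.fromisoformat(ts)
        start = datetime.min + ((t - datetime.min) // window) * window
        buckets[start].append((user, ip))
    alerts = []
    for start in sorted(buckets):
        per_ip = defaultdict(int)
        for _, ip in buckets[start]:
            per_ip[ip] += 1
        accounts = {u for u, _ in buckets[start]}
        if (len(accounts) >= min_accounts and len(per_ip) >= min_accounts
                and max(per_ip.values()) <= max_per_ip):
            alerts.append({"window_start": start.isoformat(),
                           "accounts": len(accounts), "source_ips": len(per_ip)})
    return alerts
```

Tune the window and account thresholds to the tenant's normal failure rate; the point is that the aggregate view fires where the per-IP view stays silent.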
Microsoft cautioned that any group using the CovertNetwork-1658 infrastructure can mount these widespread account-takeover campaigns, posing risks to multiple sectors. This threat’s persistence highlights the need for enhanced security on IoT devices and vigilance from organizations using cloud services like Azure.
This is Cyber Security Today. I’m your host, Jim Love.
That’s our show for today.