China’s Cyber Capabilities Equal U.S. Threat, Warns Dutch Intelligence Service

The Defence Intelligence and Security Service (MIVD) of the Netherlands has issued a stark warning regarding China’s cyber capabilities, asserting that the nation has achieved parity with the United States in offensive cyber operations. This development poses significant risks, as only a small fraction of Chinese cyber activities targeting Dutch interests are detected.

In its annual report released on Tuesday, the MIVD stated, “China now probably stands on an equal footing with the United States in the area of offensive cyber capabilities.” This assertion aligns with findings from the U.S. Office of the Director of National Intelligence, which, in its 2025 threat assessment, recognized China’s ability to compromise U.S. infrastructure but stopped short of declaring a balance in capabilities.

Unmet Threats and Detection Challenges

The MIVD’s report highlights that the threat from Beijing remains largely unaddressed and sophisticated enough to evade detection by intelligence agencies and cybersecurity defenders. The report emphasizes that “detection, response and mitigation are often inadequate against the extensive and professional Chinese cyber threat.” It estimates that only a limited proportion of Chinese cyber operations targeting Dutch interests are detected and subsequently mitigated.

The report also sheds light on the structure of Chinese hacking units, revealing that “multiple components within the same unit were even competing to find vulnerabilities in a particular type of edge device” in 2025. This level of coordination and competition within Chinese cyber units underscores the evolving nature of their capabilities.

Recent findings from Google’s threat intelligence Group indicate that China-linked groups have doubled their exploitation of zero-day vulnerabilities in 2025, making them “the most prolific” state-sponsored users of previously unknown weaknesses. This escalation in cyber activities is closely linked to the restructuring of the People’s Liberation Army (PLA) in 2024, which saw the dissolution of its Strategic Support Force and the establishment of a standalone Cyberspace Force. This reorganization has allowed Chinese hackers to adapt their tools and infrastructure more flexibly to exploit new opportunities.

Increasing Vulnerabilities and Targeted Campaigns

The MIVD anticipates a rise in campaigns aimed at exploiting vulnerabilities in edge devices, such as routers, firewalls, and VPN solutions, in 2026. A notable cyberespionage campaign, tracked as Salt Typhoon and RedMike, reportedly gained access to routers at smaller Dutch hosting and internet service providers in 2025. The Dutch Ministry of Defence confirmed that these smaller providers had been targeted, although the hackers did not penetrate beyond the router level into internal networks.

Telecommunication firms are identified as “priority targets of Chinese hackers because valuable information can be obtained from them.” In August 2025, Dutch intelligence services participated in a 13-country advisory that attributed the Salt Typhoon campaign to three Chinese technology companies acting on behalf of Beijing.

Whole of Society Approach to Cyber Espionage

The MIVD’s disclosures reflect ongoing efforts to raise awareness about Chinese cyber intrusions. In February 2024, the agency revealed that Chinese hackers had infiltrated a compartmentalized Dutch Ministry of Defence network by exploiting a vulnerability in FortiGate systems, deploying malware identified as COATHANGER. Investigations revealed that the same campaign had infected at least 20,000 FortiGate systems globally, with the MIVD warning that these infections remained difficult to identify and eradicate.

Dutch Defence Minister Kajsa Ollongren emphasized the importance of attributing such espionage activities to enhance international resilience against cyber threats. The MIVD’s report aligns with other Western assessments that characterize China’s intelligence operations as employing a “whole of society approach,” where all citizens, companies, and organizations are legally required to cooperate with state intelligence efforts. This cooperation has been criminalized in the Netherlands under amended espionage laws enacted in 2025.

Targeting Key Sectors and Military Integration

The MIVD reports that China is actively targeting Dutch researchers, businesses, and universities, particularly in sectors such as semiconductors, quantum computing, and aerospace. The report concludes that Chinese hackers are “putting Dutch and allied cyber defence to the test” through groups that systematically target the European Union and NATO, as well as those that opportunistically exploit vulnerable networks.

Furthermore, the report warns that China can now “better integrate offensive cyber capabilities with military operations.” This aligns with concerns regarding the Volt Typhoon group, linked to the PLA, which U.S. officials and Five Eyes partners believe is pre-positioning implants in Western critical infrastructure for potential activation during future conflicts. The most likely trigger for such an escalation is the Taiwan situation.

The MIVD has noted that China has “never excluded the use of military means” to annex Taiwan, further complicating the geopolitical landscape.

For more insights, visit therecord.media.

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.