In case we forgot, Typhoon attacks remind us of China’s cyber capability—and intent

Australians need to understand the cyber threat from China.

US President Donald Trump described the launch of the Chinese artificial intelligence chatbot DeepSeek as a wake-up call for the US tech industry. The Australian government moved quickly to ban DeepSeek from government devices.

This came just weeks after the Biden administration stunningly admitted on its way out of office that Chinese Communist Party hackers were targeting not just political and military systems but also civilian networks such as water and health. The hackers could shut down US ports, power grids and other critical infrastructure.

These incidents remind us that China has the intent, and increasingly the capability, to seriously challenge US and Western technology advantage. Australia will be an obvious target if regional tensions continue to rise. It must be well-prepared.

As ASPI’s Critical Technology Tracker highlights, China’s advances in critical technologies have been foreseeable for some time. US and Western confidence is manifesting as complacency.

DeepSeek has emerged as a cheap, open-source AI rival to the seemingly indomitable US models. It could enable Chinese technology to become enmeshed in global systems, perhaps even in critical infrastructure.

Meanwhile, Chinese hackers have stealthily embedded themselves in US critical infrastructure, potentially enabling sabotage, or the coercive threat of sabotage, to extract something Beijing wants. The two main perpetrators of these operations are Salt Typhoon and Volt Typhoon. The Chinese government backs both.

Salt Typhoon’s infiltration of at least nine US telecom networks has enabled CCP-sponsored hackers to geolocate individuals and record phone calls, directly threatening personal privacy and national security. This devastating counterintelligence failure includes the identification of individuals that US agencies suspect are agents working for China. It also enables CCP surveillance and coercion of US nationals and Chinese dissidents.

If anything, Volt Typhoon poses a greater threat, with covert access to critical infrastructure networks. Each reinforces the dangers of the other.

Some US officials involved in the investigation have said the hack is so severe, and the networks so compromised, that the United States may never be sure the intruders have been fully rooted out.

Both operations demonstrate sophisticated stealth. In particular, Volt Typhoon’s technique of living off the land, in which the intruders sit at length in a system and use its own resources, made detection harder. The group could gain outwardly legitimate access without the requirement for malware. This reveals an intent to map and maintain access to critical systems, not for immediate destruction, but for whenever best serves Beijing’s interests. In this sense, it can be seen as a precursor to war.

The focus on critical infrastructure underscores how malicious cyber operations can undermine national resilience during peacetime and crises and sow doubt about a government’s ability to safeguard the people. Through these operations, adversaries could influence a target country’s decisions as leaders avoid taking any action that might provoke a disruption or sabotage.

Australia’s intelligence agencies are aware of these risks. Australia’s director-general of security, Mike Burgess, warned in his 2024 annual threat assessment that ‘the most immediate, low cost and potentially high-impact vector for sabotage [by foreign adversaries] is cyber’. This was reinforced in his 2025 assessment when he declared that ‘foreign regimes are expected to become more determined to, and more capable of, pre-positioning cyber access vectors they can exploit in the future.’ He warned that we’re getting closer to the threshold for ‘high-impact sabotage’.

The Australian Signals Directorate has been improving preparedness and resilience. It has helped Australian organisations to defend themselves and mitigate prepositioning and living-off-the-land techniques. ASD has also been building offensive capabilities needed to impose costs on attackers.

We must avoid the traps China sets as it seeks global information dominance. First, we can’t be complacent. It’s unsafe to assume that the US and its allies will remain decisively better than China, and that we can counter whatever Beijing can do. Second, we must reject the viewpoint that ‘everyone spies so it would be hypocritical to condemn China’, as it is a false moral equivalence. Third, we must avoid arguing that there isn’t a present threat just because Beijing doesn’t have the intent to go to war today. This wishful thinking is a dangerous mistake. If we fall into these traps, we present Beijing with more time and render ourselves incapable of advancing our interests.

Chinese capabilities are strong and growing, and the way they are being used by the CCP demonstrates clear malign intent. This should be pushing elected governments to take protective action and prepare for future cyber operations.

The reluctance to see the threats in the information domain as equal to traditional threats is a decades-old mistake that must be corrected. We need to minimise our dependence on China for technology.