Mandia: China replaces Russia as top cyber threat

Beijing's growing sophistication in cyberspace is making China an increasingly potent adversary, according to Kevin Mandia.

After improving the sophistication and stepping up the aggressiveness of its cyber operations, China has displaced Russia as the top threat in cyberspace, the veteran cybersecurity executive Kevin Mandia said Tuesday.

Speaking at the Google Public Sector Forum presented by Scoop News Group, Mandia said that Beijing’s hackers have replaced Russia’s SVR foreign intelligence service as top dog in the offensive cyber world. “China innovates more than anybody on the front lines,” said Mandia, the CEO of Mandiant, the threat intelligence and incident response firm acquired by Google last year.

Mandia said that he or somebody he works with has responded to a breach from China every day since 1995, and U.S. intelligence services are increasingly warning of the threat posed by Chinese hackers. The U.S. intelligence community’s recent threat assessment and the Department of Homeland Security have both pointed to China as a leading threat in cyberspace.

From 2004 to around 2019, Russia was the so-called apex threat, but that has changed as Chinese actors have improved operational security, upgraded their hacking toolkits and improved training for their hackers, Mandia said.


The deployment of two zero-day vulnerabilities against a firewall vendor as part of an operation targeting U.S. defense contractors earned Chinese hackers the distinction of carrying out the most expensive hack observed by Mandiant last year.

“Quite frankly, they are the one apex attacker in cyberspace,” Mandia said.

U.S. intelligence officials have in recent months described a Chinese operation targeting U.S. infrastructure in Guam that might be used to disrupt communications in a crisis. Meanwhile, Microsoft has been scrambling to address the theft of a sensitive signing key that was used by Chinese operators to spy on the emails of top U.S. officials.

Last month, Homeland Security Secretary Alejandro Mayorkas warned Latin American leaders that investments from Beijing in new technologies like 5G could be exploited by Chinese hackers to carry out operations.

China has also turned to new technologies like artificial intelligence in hopes of creating viral disinformation that furthers China’s geopolitical aims, researchers have said.
