China’s cyber capabilities now equal to the US, warns Dutch intelligence
The Netherlands' military intelligence service says it believes China has drawn level with the United States in offensive cyber capabilities, leading to a situation where only a fraction of Chinese operations against Dutch interests are ever detected.
“China now probably stands on an equal footing with the United States in the area of offensive cyber capabilities,” stated the country’s Defence Intelligence and Security Service (MIVD) in its public annual report released Tuesday.
The U.S. Office of the Director of National Intelligence, in its own 2025 threat assessment, described China as having “demonstrated the ability to compromise U.S. infrastructure through formidable cyber capabilities,” but without declaring parity.
According to the MIVD, the threat from Beijing is now largely going unmet and is so sophisticated that its operations are regularly missed by intelligence agencies and cybersecurity defenders.
“Detection, response and mitigation are often inadequate against the extensive and professional Chinese cyber threat,” the report states. The service “estimates that probably only a limited proportion of Chinese cyber operations against Dutch interests is detected and subsequently mitigated.”
The report also sets out details about PLA hacking units that have not previously appeared in Western public intelligence reporting, stating that “multiple components within the same unit were even competing to find vulnerabilities in a particular type of edge device” in 2025.
It follows Google's Threat Intelligence Group reporting last month that China-linked groups had doubled their zero-day exploitation in 2025 and remain “the most prolific” state-sponsored users of previously unknown vulnerabilities.
The MIVD connects that improved performance to the PLA's 2024 cyber restructuring, when Beijing dissolved its Strategic Support Force and created a standalone Cyberspace Force. The reorganization “enabled Chinese hackers in 2025 to continuously adapt their tooling and infrastructure and to respond very flexibly to opportunities and changing circumstances.”
It forecast “a further increase in the number of campaigns aimed at exploiting vulnerabilities, including in edge devices such as routers, firewalls and VPN solutions” in 2026.
The agency said a Chinese cyberespionage campaign tracked as Salt Typhoon and RedMike gained access to routers at smaller Dutch hosting and internet service providers in 2025.
The country’s Ministry of Defence had previously confirmed “smaller internet service and hosting providers” had been targeted by the threat group, though it said the hackers were not believed to have penetrated beyond the router level into internal networks.
The MIVD describes telecommunication firms as “priority targets of Chinese hackers because valuable information can be obtained from them.” Dutch services joined a 13-country advisory in August 2025 attributing the campaign to three Chinese technology companies working on behalf of Beijing.
Whole of society approach
The disclosures are the latest attempt by the Dutch intelligence services to publicize Chinese intrusion. In February 2024, the service revealed that Chinese hackers had broken into a compartmentalized Dutch Ministry of Defence network by exploiting a FortiGate vulnerability, deploying malware the agencies named COATHANGER.
A subsequent investigation found the same campaign had infected at least 20,000 FortiGate systems worldwide, with the MIVD warning that infections remained difficult to identify and remove.
At the time, the Dutch defence minister Kajsa Ollongren said it was “important to attribute such espionage activities by China. In this way we increase international resilience against this type of cyber espionage.”
The MIVD’s report echoes other Western assessments describing China's intelligence operations as running on a “whole of society approach,” noting that Beijing's legal framework requires all Chinese citizens, companies and organizations to cooperate with state intelligence. Such cooperation became a criminal offence in the Netherlands under amended espionage law in 2025.
China is also actively targeting Dutch researchers, businesses and universities, the MIVD says, seeking technology from the semiconductor, quantum computing and aerospace sectors.
Chinese hackers, the report concludes, are “putting Dutch and allied cyber defence to the test” through groups that “structurally target the European Union and NATO” as well as others that “opportunistically target vulnerable networks.”
The report also cautions that China can now “better integrate offensive cyber capabilities with military operations,” echoing warnings about Volt Typhoon – the PLA-linked group that U.S. officials and Five Eyes partners have assessed is pre-positioning implants in Western critical infrastructure for potential activation in a future conflict. Washington has said the most likely trigger is Taiwan.
The MIVD separately noted that China has “never excluded the use of military means” to annex the island.
Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and a fellow at the European Cyber Conflict Research Initiative, now Virtual Routes. He can be reached securely using Signal on: AlexanderMartin.79



