According to the Netherlands’ military intelligence service, China has reached parity with the United States in terms of offensive cyber power. This advancement has created a challenging security landscape, where authorities estimate that just a fraction of cyber attacks aimed at Dutch assets are successfully identified. 

“China now probably stands on an equal footing with the United States in the area of offensive cyber capabilities,” stated the country’s Defence Intelligence and Security Service (MIVD) in its public annual report released on 21st April, Tuesday. 

The U.S. Office of the Director of National Intelligence, in its 2025 threat assessment, acknowledged China’s advanced cyber prowess, stating it has shown the capacity to breach U.S. infrastructure. Despite this, the assessment did not go as far as to claim that China’s capabilities are equal to those of the United States. 

The MIVD has warned that threats linked to Beijing are now largely unmet, as their advanced and complex nature means intelligence services and cybersecurity teams frequently fail to detect ongoing operations. 

“Detection, response and mitigation are often inadequate against the extensive and professional Chinese cyber threat,” the report states. The service “estimates that probably only a limited proportion of Chinese cyber operations against Dutch interests is detected and subsequently mitigated.” 

According to the report, previously unreported PLA hacking units have now been identified in Western intelligence disclosures. It highlights that in 2025, different teams within a single unit were actively competing to uncover weaknesses in particular categories of edge devices. 

The development follows a report from Google’s Threat Intelligence Group, which noted last month that China-affiliated groups had significantly increased their zero-day exploitation in 2025—doubling their activity and maintaining their position as the most active state-backed users of undisclosed vulnerabilities. 

According to the MIVD, the PLA’s 2024 reorganization—marked by the dissolution of the Strategic Support Force and the creation of a dedicated Cyberspace Force—has directly contributed to improved cyber performance. The agency notes that in 2025, this restructuring has enabled Chinese operators to rapidly adapt their tooling and infrastructure and respond dynamically to changing scenarios. 

It forecasts that 2026 will see an increase in the number of cyber campaigns exploiting vulnerabilities, with a strong emphasis on edge technologies including routers, firewalls, and VPN systems. 

According to the agency, a China-linked cyberespionage campaign tracked under the names Salt Typhoon and RedMike successfully gained access to routers used by smaller hosting providers and ISPs in the Netherlands during 2025. 

The revelations represent another move by Dutch intelligence to expose Chinese cyber activity. Earlier, in February 2024, the agency disclosed that attackers had infiltrated a compartmentalized Dutch Ministry of Defence network through a FortiGate flaw, using malware it named COATHANGER. 

Subsequent findings showed the campaign had spread to at least 20,000 FortiGate devices worldwide, with the MIVD cautioning that identifying and eliminating the infections remains difficult. 

At the time, the Dutch defence minister Kajsa Ollongren said it was “important to attribute such espionage activities by China. In this way we increase international resilience against this type of cyber espionage.” 

Echoing broader Western intelligence views, the MIVD describes China’s operations as following a “whole of society approach,” driven by laws that mandate cooperation with state intelligence from individuals and organizations alike. The report notes that in the Netherlands, such cooperation was made a criminal offence under revised espionage legislation in 2025. 

According to the MIVD, Chinese actors are increasingly directing their efforts toward Dutch academia and industry, aiming to obtain sensitive technologies related to semiconductors, quantum computing, and aerospace. 

According to the report, Chinese cyber actors are increasingly challenging Dutch and allied defences, with certain groups systematically targeting the EU and NATO, while others focus on exploiting weaker networks as opportunities arise. It highlights that China can now more effectively combine cyber offensives with military operations, echoing concerns about the Volt Typhoon group. U.S. officials and Five Eyes partners believe this PLA-affiliated group is pre-positioning cyber implants within Western critical infrastructure, potentially for use in a future conflict, most likely involving Taiwan. The MIVD also подчеркed that China has never excluded military options to take control of the island.