Key Takeaways
- According to Mandiant's M-Trends 2023 report, Chinese APT groups like UNC4841 were responsible for 15% of all detected espionage intrusions globally in 2022
- FireEye identified APT41 (a Chinese state-sponsored group) conducting dual espionage and financially motivated attacks on 20+ countries since 2019
- Microsoft Threat Intelligence Center attributed over 40% of nation-state attacks on Taiwan in 2023 to Chinese groups like Storm-0558
- Zscaler detailed Chinese STASHedInjector malware in 22 campaigns 2023, category: APT Groups and Attribution
- Chinese hackers used living-off-the-land techniques in 70% of detected intrusions per Mandiant 2023
- Microsoft found Chinese groups exploiting 45 zero-days in 2023 alone
- CrowdStrike reported Chinese use of Cobalt Strike in 55% of C2 ops 2023
- Chinese cyber ops exfiltrated 100TB data from US firms 2010-2020 per NSA
- Economic loss from Chinese IP theft $225-600B annually to US per IP Commission
- 80% dwell time >100 days for Chinese APTs per Mandiant M-Trends 2023
- Operation Aurora in 2009 by Chinese hackers exploited IE zero-day affecting 30+ corps
- OPM breach 2015 by Chinese stole 21.5M records from US gov
- SolarWinds supply chain attack 2020 partially attributed to Chinese alongside Russian, affecting 18k orgs
- In 2022, Chinese hackers targeted 80% of Fortune 1000 firms per Verizon DBIR
- US Treasury reported Chinese espionage hit 50% of financial sector in 2023
Chinese-linked attackers drove major global espionage and critical infrastructure threats in 2022 and 2023.
Related reading
01 · Category
Apt Groups And Attribution29 stats
Apt Groups And Attribution Interpretation
02 · Category
Apt Groups And Attribution, Source Url: Https://www.zscaler.com/blogs/research/1 stats
Apt Groups And Attribution, Source Url: Https://www.zscaler.com/blogs/research/ Interpretation
03 · Category
Attack Methods And Tools24 stats
Attack Methods And Tools Interpretation
More related reading
04 · Category
Impacts And Responses24 stats
Impacts And Responses Interpretation
05 · Category
Notable Incidents21 stats
Notable Incidents Interpretation
06 · Category
Targeted Sectors26 stats
Targeted Sectors Interpretation
Chinese threat activity: intrusion share, access methods, and exploitation
Multiple reports attribute a substantial share of observed intrusion activity and exploitation techniques to Chinese-linked threat actors, including high shares of intrusions using living-off-the-land tactics and frequent use of common malware/attack chains.
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Isabelle Moreau. (2026, February 13). Chinese Cyber Attack Statistics. Gitnux. https://gitnux.org/chinese-cyber-attack-statistics
Isabelle Moreau. "Chinese Cyber Attack Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/chinese-cyber-attack-statistics.
Isabelle Moreau. 2026. "Chinese Cyber Attack Statistics." Gitnux. https://gitnux.org/chinese-cyber-attack-statistics.
Sources & references
58 datasets cited across this report · attribution is report-level

