Cyberspace has become the new realm for battles to be waged, where state/non-state-sponsored groups are exploiting cyber vulnerabilities to control critical state sectors. Cyberattacks have escalated beyond espionage and financial theft to actions that constitute acts of war, endangering national and global security. Salt Typhoon and Volt Typhoon, cyber groups sponsored by the People’s Republic of China (PRC), have persistently been identified as the main culprits of these cyberattacks.
In 2024, Salt Typhoon infiltrated major U.S. telecommunications networks including AT&T, Lumen, and Verizon. They were able to gather vast amounts of data (e.g. phone logs, text messages, and geolocations) and breach the privacy of millions of users, including government and military personnel, underscoring the group’s ability to exploit critical state sectors. These attacks are aimed at advancing the PRC’s geopolitical strategies of weakening Western powers. Due to the persistent attacks, over 20 states and organizations have come together to publish a Joint Cybersecurity Advisory. This Advisory exposes the PRC’s attacks and tactics, and warns of the emerging threats that are to come if these attacks are not properly addressed.
Salt Typhoon is a PRC-sponsored advanced cyber espionage group that targets critical sectors like telecommunications, while its associated groups, like Volt Typhoon, have targeted crucial infrastructure sectors like energy, transportation, and water systems. These attacks focus on gaining continuous access to critical sectors and controlling them at will. They do this by exploiting vulnerabilities such as outdated routers, unpatched software, and insecure VPNs, allowing them to remain undetected for months. Due to the longevity of their attacks, some being over 8 months long, the Typhoons, and similar actors, are commonly classified as Advanced Persistent Threat (APT) actors.
Thus far, Salt Typhoon has infiltrated 20 Canadian government networks, 9 major U.S. telecommunication companies, the U.S. National Guard, and Dutch infrastructure, among many more attacks in over 20 states. If these attacks are not adequately addressed and remain undetected, they could lead to adversary cyber groups and states gaining full access and control over critical sectors. If such were the case, said groups would have the ability to potentially shut down energy grids, compromise military communication, restrict transportation, and instill insecurity among citizens. This control over critical sectors would help fulfill the PRC’s strategies of weakening Western power and positioning itself as an ultimate global power. Therefore, the scope of cyberattacks has gone far beyond financial gain and website propaganda to geopolitical attacks that could be considered war-like.
Due to the severity of these attacks, over 20 state organizations (e.g., the U.S. Federal Bureau of Investigation (FBI), the Canadian Centre for Cyber Security (Cyber Centre), the United Kingdom National Cyber Security Centre (NCSC-UK) and many more) have gathered together to address the continuous cyberattacks through a Joint Cybersecurity Advisory. The Advisory names Salt Typhoon and associated groups (RedMike, OPERATION PANDA, etc.) as the main offenders, with offences dating back to 2021. The Advisory urges network defenders to be aware of malicious activities within their systems and describes how to recognize the presence of APT actors and how to address system vulnerabilities. By jointly publishing this Advisory, states and organizations are demonstrating their strength in unity to fight against PRC cyberattacks, while advocating for increased cybersecurity and awareness. Canada’s experience underscores why this coordinated response matters.
Canada, as one of the five nations that contributed to the production of the Advisory, has been a frequent target of PRC-sponsored cyberattacks. According to the Cyber Centre’s National Security Assessment 2025-2026, the PRC has been consistently classified as the most active and persistent threat to Canadian national security. If Canadian cyber defence strategies are not strengthened, cyberattacks could not only infringe on Canadian national security but also have direct implications for the NATO alliance and Western security. The Advisory assists Canadians by spreading knowledge and awareness of cyberattacks, while highlighting Canada’s commitment to supporting allies and cybersecurity.
NATO, although not directly involved in the Advisory, has also experienced malicious cyberattacks from PRC-sponsored groups. One of the most recent was during the 2024 Washington Summit, in which the PRC’s groups were clearly identified as likely perpetrators. Because these attacks aim to influence the security of member states, some have debated whether this should be sufficient to trigger NATO’s Article 5 collective-defence clause. The PRC-sponsored cyberattacks are going far beyond espionage and shifting towards acts of warfare that could then require warfare responses from NATO and member states.
However, this is not the first time a Joint Advisory has been released; frankly, it is not even the only one to be released in 2025. Cyberattacks from the PRC and other adversary states are only becoming more advanced, persistent, and dangerous. States that have long relied on their technological superiority are now being challenged on their power and credibility as global leaders. If member states do not prioritize advancing cybersecurity and rapid government responses, they could face losing control of critical sectors and security, while gearing up for the new battlefield. Nonetheless, this Advisory demonstrates that PRC-sponsored cyberattacks are not dividing allies but instead uniting them. The challenge now is for allied governments to move from joint warnings to concrete, coordinated action that hardens defences and preserves the stability of the international order.




