China Accuses U.S. of Hacking State Agencies, Sparking Fears of a New U.S.–China Cyberwar

China Says “U.S. Hacked Its State Agencies”
Washington Has Long Accused Beijing of Cyberattacks
Countries Worldwide Struggle to Contain Expanding Chinese Hacking Networks

China has claimed that its National Time Service Center was the target of a cyberattack, alleging that the United States had infiltrated key state facilities for years to steal sensitive information. As Washington and its allies have long accused Beijing of conducting similar hacking operations, the latest incident is expected to further escalate the ongoing cyberwar between the two powers.

China’s National Time Service Center Hacked by the U.S.?

According to Bloomberg on October 19 (local time), China’s Ministry of State Security (MSS) announced via its official WeChat account that the U.S. National Security Agency (NSA) had hacked employees’ mobile phones at the National Time Service Center since March 2022 and stolen sensitive information. Located in Xi’an, northwestern China, the center operates under the Chinese Academy of Sciences and is responsible for generating, maintaining, and distributing the national standard time — a key facility supporting government, industry, and civil infrastructure.

The MSS claimed that the NSA exploited vulnerabilities in text messaging services of foreign smartphone brands to hack employees’ phones and, since 2023, had reused stolen login credentials to monitor the center’s internal systems. Between August 2023 and June 2024, the NSA allegedly deployed 42 specialized hacking tools to target critical infrastructure, including high-precision ground-based time systems, using virtual private networks (VPNs) and forged certificates to conceal its tracks.

The ministry said the attacks mostly occurred between midnight and dawn Beijing time, using virtual private servers (VPS) based in the United States, Europe, and Asia as “jump servers” to mask their origin. It added that authorities had taken defensive measures in response and implemented preventive steps to strengthen the center’s cybersecurity.

Chinese Hackers Step Up Attacks on the U.S.

Beijing’s latest allegations could become a new flashpoint in the intensifying cyberwar between China and the United States. Washington, for its part, has long claimed to be a victim of Chinese state-backed hacking groups. In June, the Associated Press reported that a cyber group linked to China’s military and intelligence agencies had infiltrated U.S. telecommunications networks to access the smartphones of Americans working in areas of interest to Beijing. Investigators from cybersecurity firm iVerify said there was no direct evidence identifying the attackers, but noted that all victims worked in fields long targeted by Chinese hackers.

Last month, a separate report suggested that a China-affiliated hacking group may have stolen personal data on nearly the entire U.S. population. According to The New York Times, a group known as “Salt Typhoon” had conducted years of cyberattacks that potentially compromised information on most Americans. U.S. officials and experts concluded after a yearlong investigation that the campaign was one of the largest global hacking operations ever recorded, targeting more than 80 countries.

A joint investigation by the FBI and intelligence agencies from twelve allied nations found that the group had infiltrated major telecommunications, transportation, and hospitality companies since at least 2021. The hackers were linked to three Chinese technology firms that reportedly carried out operations overseas on behalf of China’s intelligence and military agencies. Their objective was to collect conversations and location data from targeted individuals and deliver it to Chinese authorities. Among those reportedly targeted were President Donald Trump and Vice President JD Vance during last year’s election campaign.

South Korea and the U.K. Also Targeted by Chinese Hackers

Not only the United States but also several other countries are believed to have suffered cyberattacks linked to China. In August, U.S. cybersecurity magazine Phrack reported that key South Korean government networks had been under sustained attack for the past three years. A separate study released the same month by Korea University’s Graduate School of Information Security and its Cyber Response and Digital Forensics Research Centers concluded that the attacks were most likely carried out by a Chinese organization. The report included detailed analyses of the malicious code and attack techniques used to trace the operation’s origins.

Researchers found strong similarities between the attacks and those typically associated with APT41, a China-based hacking group widely known for conducting both state-sponsored cyberespionage and financially motivated operations. Evidence pointing to Chinese involvement included traces such as Korean-language documents translated into Chinese, Chinese-language comments within code, use of Chinese-developed browser extensions, a pause in operations during China’s Dragon Boat Festival holiday, repeated logins to the Chinese video site AcFun, and attempted intrusions targeting servers in Taiwan.

More recently, China has also been accused of hacking into the British government’s confidential servers over several years. On October 16, The Times reported, citing Dominic Cummings — former chief of staff to then–Prime Minister Boris Johnson — that China had obtained vast amounts of classified information from the U.K. government. Cummings claimed that a security breach occurred inside the prime minister’s security office, known as “the bunker,” leading to the leak of top-level secrets, and that Johnson was briefed on the issue in 2020 but chose to cover it up. Senior British officials, including former Home Office security minister Tom Tugendhat, have reportedly acknowledged the existence of evidence showing that sensitive data was indeed transferred to China.