The **MIVD**, in its annual report released Tuesday, stated that China now likely stands on equal footing with the United States in offensive cyber capabilities. This assessment contrasts with the U.S. Office of the Director of National Intelligence's 2025 threat assessment, which acknowledged China's ability to compromise U.S. infrastructure but stopped short of declaring parity. According to the MIVD, the sophistication of Beijing's cyber operations means they are regularly missed by intelligence agencies and cybersecurity defenders. "Detection, response, and mitigation are often inadequate against the extensive and professional Chinese cyber threat," the report states. The agency estimates that only a limited proportion of Chinese cyber operations against Dutch interests are detected and subsequently mitigated. The report details previously unreported information about **PLA** hacking units, noting that in 2025, multiple components within the same unit were competing to find vulnerabilities in a particular type of edge device. This aligns with a recent report from **Google**'s Threat Intelligence Group, which stated that China-linked groups had doubled their zero-day exploitation in 2025 and remain the most prolific state-sponsored users of previously unknown vulnerabilities. The MIVD attributes China's improved cyber capabilities to the PLA's 2024 cyber restructuring, which dissolved its Strategic Support Force and created a standalone Cyberspace Force. This reorganization has enabled Chinese hackers to continuously adapt their tooling and infrastructure and respond flexibly to opportunities and changing circumstances. The agency forecasts a further increase in campaigns aimed at exploiting vulnerabilities, including in edge devices such as routers, firewalls, and VPN solutions, in 2026. In 2025, a Chinese cyberespionage campaign tracked as **Salt Typhoon** and **RedMike** gained access to routers at smaller Dutch hosting and internet service providers. The Dutch Ministry of Defence had previously confirmed these attacks, though they believed the hackers did not penetrate beyond the router level into internal networks. The MIVD describes telecommunication firms as priority targets for Chinese hackers due to the valuable information that can be obtained from them. In August 2025, Dutch services joined a 13-country advisory attributing the campaign to three Chinese technology companies working on behalf of Beijing. ## Whole of Society Approach The Dutch intelligence services have been increasingly publicizing Chinese intrusion attempts. In February 2024, they revealed that Chinese hackers had breached a compartmentalized Dutch Ministry of Defence network by exploiting a **FortiGate** vulnerability and deploying malware named **COATHANGER**. A subsequent investigation found that the same campaign had infected at least 20,000 FortiGate systems worldwide, with the MIVD warning that infections remained difficult to identify and remove. At the time, Dutch Defence Minister Kajsa Ollongren emphasized the importance of attributing such espionage activities to China to increase international resilience against this type of cyber espionage. The MIVD's report echoes other Western assessments describing China's intelligence operations as running on a "whole of society approach." Beijing's legal framework requires all Chinese citizens, companies, and organizations to cooperate with state intelligence. Such cooperation became a criminal offense in the Netherlands under amended espionage law in 2025. China is also actively targeting Dutch researchers, businesses, and universities, seeking technology from the semiconductor, quantum computing, and aerospace sectors. Chinese hackers are putting Dutch and allied cyber defenses to the test through groups that structurally target the European Union and NATO, as well as others that opportunistically target vulnerable networks. The report cautions that China can now better integrate offensive cyber capabilities with military operations, echoing warnings about **Volt Typhoon**, the PLA-linked group assessed by U.S. officials and Five Eyes partners as pre-positioning implants in Western critical infrastructure for potential activation in a future conflict, most likely triggered by Taiwan. The MIVD separately noted that China has never excluded the use of military means to annex the island. <a href="https://www.recordedfuture.com/platform?mtm_campaign=ad-unit-record" rel="noopener noreferrer">Learn more.</a> []()