Survey of Chinese-linked Espionage in the United States Since 2000
This survey lists 137 publicly reported instances of Chinese espionage directed at the United States since 2000. It does not include espionage against other countries, U.S. firms or persons located in China, nor an additional 50 cases involving attempts to smuggle munitions or controlled technologies from the U.S. to China. We also did not include more than 1200 cases of intellectual property litigation brought by U.S. companies against Chinese entities in either the U.S. or Chinese legal systems.
For those cases where we could identify actor and intent, we found:
- 57% of actors were Chinese military or government employees.
- 36% were private Chinese citizens.
- 7% were non-Chinese actors (usually U.S. persons).
- 36% of incidents sought to acquire military technology.
- 46% of incidents sought to acquire commercial technologies.
- 18% of incidents sought to acquire information on U.S. civilian agencies or politicians.
These reported incidents are derived from open source material. The sources are footnoted. The list may not reflect the full number of incidents and may not be complete. Of the 137 incidents, the decadal breakdown is:
- 2000-2009: 27%
- 2010-2019: 73%
This could reflect an increase in the number of incidents after 2009, but it may also reflect variances in the public reporting of espionage cases, as greater attention was paid to the problem and the U.S. government reportedly became less reluctant to publicly identify China as the perpetrator after 2007.
The list of individual incidents follows below.
May 2001: Beginning in January 2000, Hai Lin, Kai Xu, and Yong-Qing Cheng formed a joint venture with the Datang Telecom Technology Company of Beijing to steal trade secrets from Lucent.
2003: Chinese hackers exfiltrated national security information from Naval Air Weapons Station China Lake, including nuclear weapons test and design data, and stealth aircraft data.
April 2003: Katrina M. Leung was arrested for convincing an FBI agent to share classified information, which she passed on to China, over a ten-year period.
February 2004: Ronald N. Montaperto, a former DIA intelligence analyst, was found to have provided Chinese military attaches with Secret and Top-Secret information.
July 2004: Yan Ming Shan, a Chinese employee of a US software firm that scans land for oil, gained unauthorized access to the company’s computer system and attempted to bring it back to China.
June 2005: Noshir Gowadia, an American citizen, took six trips to China between 2003 and 2005 to assist with its cruise missile system by developing a stealthy exhaust nozzle and was paid at least $110,000 by China. He provided them with designs for a low-signature cruise missile exhaust system.
October 2005: Chi Mak and other Chinese intelligence operatives collected technical information about the Navy’s current and future warship technologies. Chi intended to export the information to China.
November 2005: Moo Ko-Suen was a representative for an American aerospace firm for 10 years in Taiwan, during which time he acted as an agent for the Chinese government and tried to buy sophisticated military parts and weapons, including an F-16 fighter jet engine and cruise missiles, for China.
2005: Chinese hackers infiltrated U.S. Department of Defense networks in an operation known as “Titan Rain.” They targeted U.S. defense contractors; the Army Information Systems Engineering Command; the Defense Information Systems Agency; the Naval Ocean Systems Center; and the U.S. Army Space and Strategic Defense installation.
April 2005: Chinese hackers infiltrated NASA networks managed by Lockheed Martin and Boeing and exfiltrated information about the Space Shuttle Discovery program.
May 2006: Shanshan Du stole trade secret information from General Motors for the benefit of a Chinese competitor, Chery Automobile.
June 2006: Lan Lee and Yufei Ge conspired to steal trade secrets related to computer chip design and development.
July 2006: Chinese hackers infiltrated the U.S. State Department’s unclassified network and stole sensitive information and passwords.
August 2006: Chinese hackers infiltrated the Department of Defense’s non-classified NIPRNet, downloading 10 to 20 terabytes of data.
December 2006: Xiaodong Sheldon Meng, a resident of Beijing and Cupertino, California, stole military IP and trade secrets from his former employer.
December 2006: Fei Ye and Ming Zhong stole trade secrets from two American technology firms to benefit China. They intended to utilize the secrets to build microprocessors for their company, Supervisor Inc., which would share any profits made on the sale of chips to the City of Hangzhou and the Province of Zhejiang in China.
December 2006: Xiang Dong Yu stole trade secret information worth $50-100 million from Ford Motor Company for the benefit of Beijing Automotive Company.
December 2006: Chinese hackers infiltrated the U.S. Naval War College.
2007: Chinese hackers breached the Pentagon’s Joint Strike Fighter project and stole data related to the F-35 fighter jet.
January 2007: Chinese malware was discovered inside the National Defense University.
June 2007: The Department of Defense shut down a computer system serving the Secretary of Defense and attributed the attack to the PLA.
September 2007: Hackers gained access to the Department of Homeland Security’s networks through a contractor and exfiltrated unclassified information to Chinese servers.
December 2007: Chinese hackers successfully stole information from Oak Ridge National Laboratory, Los Alamos National Laboratory, and the National Nuclear Security Administration.
January 2008: Qinggui Zeng stole trade secret information related to the paint industry from an American firm for the benefit of a Chinese firm.
February 2008: Dongfan Chung, a former Boeing engineer, was charged with economic espionage and serving as a foreign agent for China. Prosecutors determined that he had been acting on Chinese orders since at least 1979. He stole Boeing trade secrets relating to the Space Shuttle, the C-17 military transport aircraft and the Delta IV rocket for China.
February 2008: Tai Shen Kuo, a U.S. citizen, was arrested for providing China with classified information between March 2007 and February 2008. Kuo obtained the information from a Pentagon weapons system policy analyst, Gregg Bergersen.
March 2008: Hanjuan Jin attempted to leave the country with 1000+ electronic and paper copies of proprietary information related to Motorola’s interstate communication feature.
May 2008: Chinese officials were accused of copying the contents of an American computer during a visit by Carlos Gutierrez, the US Secretary of Commerce.
September 2008: Anne Lockwood and Fuping Liu stole trade secret information from Metaldyne to benefit a Chinese competitor, Huafu.
November 2008: Chinese hackers infiltrated the computer networks of three major oil companies and stole trade secret information.
November 2008: Chinese hackers infiltrated the networks of Barack Obama and John McCain’s presidential campaigns and exfiltrated information about future policy agendas.
November 2008: Chinese hackers infiltrated the computer network of the White House and obtained emails between senior government officials.
March 2009: A Chinese espionage network was discovered to have penetrated political, economic, and social institutions in 103 countries. The network was discovered when researchers were asked to investigate the Dalai Lama’s computer systems, which had been compromised.
March 2009: David Yen Lee, a technical director with Valspar Corp, illegally downloaded Valspar trade secrets with the intent of delivering them to Nippon Paint in Shanghai, where he had accepted a vice president position.
March 2009: Chinese hackers infiltrated Coca-Cola Co. computer networks and stole trade secret information, including information related to the attempted $2.4 billion acquisition of Huiyuan Juice Group.
April 2009: Yan Zhu, along with unidentified co-conspirators, planned to steal trade secrets relating to computer systems and software with environmental applications from his employer.
October 2009: Hong Meng accepted employment as a faculty member at Peking University, and thereafter began soliciting funding to commercialize his research from DuPont on Organic Light-Emitting Diodes. He shared trade secret chemical processes, including those related to OLEDs, with PKU.
March 2009: Chinese hackers stole information from the Office of Senator Bill Nelson in Florida.
November 2009: Janice Capener, a Chinese national, stole trade secret information from Orbit Irrigation for the benefit of a competing Chinese firm.
January 2010: Beginning in 2009, China carried out a series of cyberattacks to steal trade secret information from dozens of U.S. companies including Google, Yahoo, Adobe, Dow Chemical, and Morgan Stanley.
2010: The PLA infiltrated the computer network of a Civilian Reserve Air Fleet (CRAF) contractor and stole documents, flight details, credentials and passwords for encrypted email.
May 2010: Glenn Shriver attempted to gain access to classified national defense information on behalf of Chinese intelligence officers.
May 2010: Chinese hackers breached the computer network of the U.S. Chamber of Commerce and stole information related to U.S. industries.
August 2010: Kexue Huang, a Chinese research scientist, stole trade secret information related to organic pesticides for the benefit of a Chinese firm.
October 2010: York Yuan Chang and Leping Huang entered into contracts with the 24th Research Institute of the China Electronic Technology Corporation Group to design and transfer technology for the development of two types of high-performance analog-to-digital converters.
November 2010: Zhiqiang Zhang allegedly stole trade secret information from SiRF for the benefit of a competing Chinese firm.
January 2011: A Chinese company, Pangang Group, and Walter Liew attempted to steal trade secret information related to TiO2 technology from DuPont.
February 2011: Wen Chyu Liu, a research scientist, conspired to steal trade secret information from Dow for the benefit of Chinese firms.
March 2011: Sinovel, a Chinese company, stole trade secret information related to source code and designs of superconductors from AMSC.
March 2011: Press reports say that China hacked the RSA Security division of the EMC Corporation to steal information related to encryption software, compromising RSA SecurID tokens. The stolen information was used in subsequent attacks carried out by China.
April 2011: Google reported a phishing effort to compromise hundreds of Gmail passwords for accounts of prominent people, including senior U.S. officials. Google attributes the effort to China.
April 2011: Chinese hackers stole approximately 1GB of data from the Oak Ridge National Laboratory.
June 2011: Beginning in 2010, Chunlai Yang conspired to steal trade secret information related to the source code of the OS for the Globex electronic trading platform for the benefit of a Chinese firm.
August 2011: Chinese hackers engaged in a series of cyber-attacks against 72 entities, including multiple U.S. government networks.
October 2011: Chinese hackers infiltrated at least 48 chemical and defense companies and stole trade secret information and sensitive military information.
November 2011: Chinese hackers interfered with U.S. satellites and stole sensitive data.
February 2012: Media reports say that Chinese hackers stole classified information about the technologies onboard F-35 Joint Strike Fighters.
March 2012: NASA’s Inspector General reported that 13 attacks successfully compromised NASA computers in 2011. In one attack, intruders stole 150 user credentials that could be used to gain unauthorized access to NASA systems. Another attack at the Jet Propulsion Laboratory allowed intruders to gain full access to key JPL systems and sensitive user accounts.
March 2012: Trend Micro uncovered a Chinese cyber campaign, dubbed ‘Luckycat’, that targeted U.S.-based activists and organizations, Indian and Japanese military research, as well as Tibetan activists.
June 2012: DHS reported that between December 2011 and June 2012, hackers targeted 23 gas pipeline companies and stole information that could be used for sabotage purposes. Forensic data suggests the probes originated in China.
June 2012: P.L.A. Unit 61398 attacked Digital Bond, a SCADA security company, with a spear phishing attack.
August 2012: Jerry Lee, a former CIA agent, attempted to provide China with classified information about CIA activities within China.
September 2012: Employees of a semiconductor chip equipment manufacturer stole trade secrets related to high-volume manufacturing of semiconductor wafers used in electronic devices for the benefit of a competing Chinese firm.
September 2012: Chinese hackers infiltrated Telvent Canada, an industrial automation company, and stole data related to SCADA systems throughout North America.
September 2012: Sixing Liu, a Chinese national, stole technical data related to defense items and conspired to give the information to China.
September 2012: Ji Li Huang and Xiao Guang Qi attempted to steal trade secret information related to cellular glass installation for the benefit of a competing Chinese firm.
November 2012: Wenfeng Lu, a Chinese national, stole trade secret information for medical devices from American medical equipment manufacturers for the benefit of a Chinese firm.
2013: The FBI warned Senator Dianne Feinstein’s office that one of her San Francisco-based drivers was a Chinese intelligence asset.
January 2013: A Defense Science Board report found that Chinese hackers stole U.S. weapons systems designs including for the PAC-3, THAAD, Aegis, F/A-18 fighter jet, V-22 Osprey, Black Hawk, and Littoral Combat Ship.
January 2013: The New York Times, Wall Street Journal, Washington Post, and Bloomberg News experienced persistent cyberattacks, presumed to originate in China.
February 2013: PLA Unit 61398 had hacked 115 U.S. victims since 2006.
March 2013: Beginning in 2012, Chinese hackers targeted civilian and military maritime operations within the South China Sea, in addition to US companies involved in maritime satellite systems, aerospace companies and defense contractors.
May 2013: Chinese hackers compromised the U.S. Department of Labor and at least nine other agencies, including the Agency for International Development and the Army Corps of Engineers’ National Inventory of Dams.
June 2013: PLA hackers infiltrated the computer networks of the U.S. Transportation Command and stole sensitive military information.
July 2013: Tung Pham stole trade secrets from a solar technology company for the benefit of a competing Chinese firm.
September 2013: Chinese hackers targeted three US organizations, including a large American oil and gas corporation.
September 2013: Chinese hackers used malware, known as ‘Sykipot’, to target entities in the U.S. Defense Industries and companies in key industries such as: telecommunications, computer hardware, government contractors, and aerospace. In mid-2013 they targeted the US civil aviation sector.
October 2013: Chinese hackers targeted a U.S.-based think tank.
December 2013: Six Chinese nationals conspired to steal trade secret information related to seeds from DuPont, Monsanto, and LG seeds for the benefit of Beijing Dabeinong Technology Group, a competing Chinese firm.
December 2013: Weiqiang Zhang stole trade secret information related to rice seeds from an American agricultural firm for the benefit of a Chinese firm.
February 2014: Amin Yu stole systems and components for marine submersible vehicles from U.S. manufacturers for the benefit of a state-owned entity in China.
May 2014: Chinese military hackers targeted six American companies in the power, metals, and solar production industries and stole trade secret information. The U.S. Department of Justice indicted them and identified them as members of the People’s Liberation Army Unit 61398.
June 2014: CrowdStrike reported that Unit 61398 had targeted U.S. corporations in the satellite industry.
June 2014: Jun Xie allegedly stole trade secret information from GE Healthcare to benefit a competing entity in China.
August 2014: Community Health Systems disclosed that suspected Chinese hackers infiltrated its network and stole personal information from 4.5 million patients.
August 2014: Su Bin, a Chinese national, worked with co-conspirators in China to infiltrate Boeing’s computer networks to gain access to confidential information about the C-17, the F-22, and the F-35.
August 2014: Chinese hackers infiltrated the US Investigations Services. This was one of the first steps in the 2015 OPM hack.
September 2014: Chinese company Huawei repeatedly attempted to steal trade secret information about robotics designs from T-Mobile.
September 2014: Benjamin Bishop was arrested for passing classified information between May 2012 and December 2012 to a Chinese national he was romantically involved with.
November 2014: Chinese hackers breached the U.S. Postal Service computer networks and exfiltrated data of approximately 800,000 employees.
November 2014: Yu Long worked at URTC from 2008 to 2014, but was recruited by the state-run Shenyang Institute of Automation in 2014. Upon departure, Long stole confidential IP, trade secrets, and export-controlled technology to give to SIA for the benefit of China.
February 2015: Xudong Yao stole trade secret information relating to locomotives for the benefit of a Chinese firm.
January 2015: Chinese hackers, including Fujie Wang, infiltrated Anthem Inc., a health insurance company, and stole data concerning approximately 78.8 million people from Anthem’s computer networks.
March 2015: Canadian researchers say Chinese hackers attacked U.S. hosting site GitHub. GitHub said the attack involved a wide combination of attack vectors and used new techniques to involve unsuspecting web users in the flood of traffic to the site. According to the researchers, the attack targeted pages for two GitHub users – GreatFire and The New York Times’ Chinese mirror site – both of which circumvent China’s firewall.
April 2015: The Office of Personnel Management discovered that China had infiltrated its networks and stolen the personal information of federal employees, including security clearance information.
May 2015: Xiwen Huang, a Chinese businessman, stole confidential and trade secret information – including intellectual property – from an unnamed government research facility related to military vehicle fuel cells, for the benefit of China.
May 2015: Chinese intelligence officers infiltrated networks and exfiltrated trade secret information about turbofan engines from U.S. and European aerospace firms over the course of five years.
May 2015: Beginning in 2014, Thomas Rukavina stole and passed on trade secret information from PPG to a competing Chinese firm.
May 2015: Chinese nationals Wei Pang and Hao Zhang stole trade secrets related to the development of thin-film bulk acoustic resonator (FBAR) technology for the benefit of China.
May 2015: Chinese hackers exfiltrated significant amounts of customer data from United Airlines.
September 2015: Robert O’Rourke allegedly illegally downloaded data from his employer, an American manufacturer of cast-iron products. O’Rourke had accepted a similar position with a rival firm in China and was planning to use the stolen IP to improve the competitiveness of his new firm’s products.
November 2015: Dutch security firm Fox-IT identified a Chinese threat actor, ‘Mofang’, that had launched cyber attacks against government civilian and military agencies in the United States and other industries, including corporations conducting solar cell research.
December 2015: Chinese national Xu Jiaqiang conspired to steal source code from an unnamed US company where he worked as a software developer. Xu intended to transfer the stolen code to benefit China’s National Health and Family Planning Commission.
January 2016: Tao Li and co-defendants Yu Xue and Yan Mei engaged in a conspiracy to steal trade secrets from GlaxoSmithKline (GSK) for the benefit of a Chinese firm.
March 2016: Kun Shan Chun, a naturalized U.S. citizen, was sentenced to 24 months in prison for acting as an agent of China. Chun, an FBI employee with a top-secret clearance, provided a Chinese government official with sensitive, nonpublic information about FBI surveillance methods, internal organization, and the identity and travel patterns of an FBI special agent.
April 2016: Szuhsiung Ho, an American nuclear engineer employed as a consultant by CGNPC, provided engineers and experts to assist CGNPC in developing nuclear material and reactors between 1997 and 2016 without authorization from DOE.
March 2017: A State Department employee with TS clearance provided copies of internal Department of State documents to Chinese intelligence officers.
April 2017: Chinese hackers targeted a U.S. think tank.
May 2017: Beginning in 2011, hackers from the internet security firm Boyusec compromised the networks of three companies over a multi-year period and gained access to confidential documents and data, including sensitive internal communications, usernames and passwords, and business and commercial information.
June 2017: US citizen Shan Shi and Chinese national Gang Liu worked on behalf of Chinese company CBM-Future New Material Science and Technology Co. Ltd. (CBMF) to steal trade secrets related to the development of syntactic foam from an unnamed global engineering firm.
June 2017: Kevin Patrick Mallory, a former CIA officer, transferred classified documents to an agent of China’s intelligence services.
August 2017: Dong Liu attempted to obtain trade secret information from Medrobotics Corporation for China.
September 2017: China allegedly inserted malware into a widely used PC management tool. The malware targeted at least 20 major international technology firms.
October 2017: China allegedly carried out a cyberattack against a U.S. think tank and law firm, both of which were associated with fugitive Chinese tycoon Guo Wengui.
October 2017: Jerry Jindong Xu sought to help Chinese investors build a sodium cyanide plant to compete with Chemours by stealing pricing information, passwords for spreadsheets, confidential documents, and plant system diagrams from Chemours while he was employed there.
January 2018: Yi-Chi Shih and Kiet Ahn Mai stole trade secret information related to Monolithic Microwave Integrated Circuit (MMIC) technology for the benefit of Chengdu GaStone Technology Company (CGTC), a competing Chinese firm.
January 2018: Chinese hackers infiltrated a U.S. Navy contractor working for the Naval Undersea Warfare Center. 614 gigabytes of material related to a supersonic anti-ship missile for use on U.S. submarines were taken, along with submarine radio room information related to cryptographic systems and the Navy submarine development unit’s electronic warfare library.
April 2018: Yanjun Xu, an MSS operative, attempted to recruit experts employed by leading American aviation companies to China, often under the guise of giving a presentation at a university.
April 2018: A cyber espionage campaign originating in China collected data from satellite, telecom, and defense organizations in the United States and Southeast Asia.
June 2018: Ron Rockwell Hansen, a former DIA officer, attempted to transmit national defense information to China.
July 2018: Xiaqing Zhang conspired to steal trade secret information from General Electric for the benefit of China.
July 2018: Xiaolang Zhang was arrested for stealing trade secret information about the circuit board of Apple’s self-driving car initiative. The case is still active as of August 2019.
September 2018: Chinese hackers breached the systems of the Starwood hotel chain in 2014. It is estimated that the personal information of up to 500 million people was stolen.
September 2018: Ji Chaoqun, a Chinese citizen residing in Chicago, worked at the behest of the Jiangsu Province Ministry of State Security (JSSD) to get biographical information on eight Chinese nationals working as engineers and scientists in the United States that the JSSD had targeted for recruitment. Some worked for U.S. defense contractors.
November 2018: Chen Zhengkun, He Jianting, and Wang Yungming stole Micron trade secrets related to dynamic random-access memory technology (DRAM) for the benefit of China.
November 2018: Beginning in March 2017, US citizen Xiaorong You and Chinese national Liu Xiangchen conspired to steal trade secrets worth more than $100 million related to the development of BPA-free coatings. You stole trade secrets from the two American companies that employed her and provided them to Liu, whose company used them to create products that would compete with the two American companies in question.
December 2018: A Chinese national, Hongjin Tan, was arrested for stealing trade secret information from an American petroleum company, Phillips 66, and conspiring to use it to benefit a Chinese firm.
December 2018: Chinese hackers stole IP and confidential business and technological information from managed service providers – companies that manage IT infrastructure for other businesses and governments.
December 2018: Chinese hackers stole hundreds of gigabytes of data from computers of more than 45 technology companies and U.S. government agencies. The defendants also stole names, SSNs, DOBs, salary info, phone numbers, and email addresses of more than 100,000 US Navy personnel.
January 2019: A Chinese national, Jizhong Chen, stole trade secret information about autonomous vehicles from Apple to benefit a competing Chinese firm.
March 2019: Beginning in April 2017, Chinese hackers stole research from universities about maritime technology being developed for military use.
March 2019: Chinese hackers targeted Israeli defense firms that had connections to the US military.
April 2019: Chinese hackers stole General Electric’s trade secrets concerning jet engine turbine technologies.
June 2019: Haoyang Yu was arrested in connection with stealing proprietary information from Analog Devices, a U.S. semiconductor company.
June 2019: Since at least 2017, Chinese hackers exfiltrated Call Detail Records (CDRs) from telecommunication companies to track dissidents, officials, and suspected spies.
July 2019: Chinese hackers targeted three U.S. utility companies with a phishing campaign to gain access to computer networks.
August 2019: State-sponsored Chinese hackers conducted a spear-phishing campaign against employees of three major U.S. utility companies.
August 2019: A previously unidentified Chinese espionage group, APT41, was found to have worked since 2012 to gather data from firms in telecommunications, healthcare, semiconductor manufacturing, and machine learning. The group was also active in the theft of virtual currencies.
We would like to thank Evan Burke, Matthew Serrone, Khristal Thomas, and Arthur Nelson for their contributions to this timeline.