Start your day with intelligence. Get The OODA Daily Pulse.
How Chinese Cyber Espionage Is Powering Its Cognitive Warfare Program
In 2026, the contours of conflict have changed. China’s cyber espionage apparatus is no longer a mere data-theft machine—it has become a foundational engine for cognitive warfare. Beijing’s strategic design integrates the extraction of massive datasets and clandestine access to foreign communications with the capacity to shape perceptions and influence behaviors across entire societies. The end game isn’t just collecting secrets and sensitive information for decision makers, it’s narrative advantage. Chinese cyber espionage now feeds psychological operations, influence campaigns, and anticipatory manipulation. These efforts are not peripheral; they are central to the People’s Republic of China’s evolving doctrine of “intelligentized warfare,” where data, artificial intelligence (AI), and perception management are fused to achieve strategic ends. Cyber espionage is no longer the end state. It is the supply chain.
Salt Typhoon – Listening First, Acting Second
One of the most consequential Chinese cyber espionage campaigns in recent years is the advanced persistent threat tracked in cybersecurity advisories as Salt Typhoon. This state-linked actor, attributed to China’s Ministry of State Security, has conducted sustained incursions into telecommunications infrastructure worldwide, including major internet service providers and backbone routing systems. According to joint U.S. cyber advisories, these intrusions target routers and network devices that allow persistent access to sensitive traffic flows, enabling the collection of communications metadata and potentially call records.
If Chinese intelligence can anticipate internal disagreements or controversy, it can amplify discord through coordinated online personas, effectively shaping public debate before policy is even publicly discussed. This isn’t just espionage for analysis; it is espionage for timing.
PII Theft Feeds Smaller Aperture Targeting
China’s history of large-scale data theft is well documented. The 2015 Office of Personnel Management breach, widely attributed to Chinese state-linked actors, exposed the personal records of over 20 million U.S. government personnel. Such breaches, alongside compromises of health insurers, financial services, and industrial databases, feed Beijing an invaluable repository of personally identifiable information (PII) that can be leveraged for additional more precise targeting operations.
Espionage Component: Centralization of detailed PII such as fingerprints, financial history, health records, and employment data on a scale rarely seen outside government intelligence archives.
Cognitive Bolstering: With AI analytics trained on stolen PII, state actors can predict individual and group vulnerabilities, enabling more precise influence content creation. Messages can be tailored to exploit economic anxieties, health fears, or social grievances, rendering propaganda intensely personal and psychologically resonant.
AI-powered segmentation of stolen data potentially converts the intangible behavioral and cognitive processes into persuadable content with intended outcomes.
Taiwan: Deepfakes and Cross-Strait Influence
Taiwan has been a focal testing ground for advanced Chinese information operations. Official reports and independent cybersecurity tracking show an extraordinary volume of daily cyber intrusions linked to Chinese actors more than 2.5 million attacks per day in 2025 alone, targeting critical services and government systems. Here, espionage feeds the fabrication of content to support influence campaigns.
Espionage Component: Intrusions into private cloud storage and personal media accounts provide raw audiovisual material such as voice memos, unguarded video, etc., that can be recombined into synthetic media; that is, the process where original, authentic content (such as photos, videos, or voice recordings of a real person) is taken, broken down, and digitally altered or merged with other data by AI to create new content for follow-on espionage activities.
Cognitive Bolstering: Deepfake content generated from authentic, stolen samples is far harder to debunk. Such materials can be deployed with strategic timing around elections or crises, undermining public trust, heightening fears of societal collapse, or amplifying political polarization. This aligns with Taiwan’s own defense warnings about hybrid campaigns and deepfake use targeting society and governance.
When reality itself becomes suspicious, skepticism becomes a tool for manipulation.
Volt Typhoon: Pre-Positioning Influence Through Threat
Chinese cyber actors have also gone beyond data theft, directly embedding themselves within U.S. critical infrastructure networks. Groups like Volt Typhoon have been linked to persistent access inside systems for energy, transportation, communication, and water utilities. This level of pre-positioning suggests contingency planning for potential crisis scenarios, particularly in the context of geopolitical flashpoints such as Taiwan. By maintaining stealthy footholds in civilian infrastructure, Beijing preserves the option to disrupt logistics, communications, or essential services at a moment of strategic choosing.
Espionage Component: Long-term footholds in critical infrastructure, often hidden beneath legitimate user traffic and designed to evade detection.
Cognitive Bolstering: The psychological effect of such access is strategic: even in the absence of overt sabotage, the awareness of vulnerability signals to foreign publics and policymakers that everyday life could be at risk, as evidence by how this activity has risen to the forefront of U.S. lawmakers. This generates societal pressure on governments to avoid confrontation and prioritize stability over confrontation. Long-term persistence becomes a tool of reverse deterrence—where fear of disruption influences national policy.
This is reflexive control in practice: manipulate adversary behavior by shaping perceptions of risk.
Policy Considerations
If cyber espionage now feeds cognitive warfare, defensive strategy must evolve:
Chinese cyber espionage can no longer be viewed purely as technical compromise. Its evolution into a cognitive warfare support system harmonizes long-term access, data theft, and influence operations into a single strategic arc. Network access has become narrative access.
Data stolen today becomes public perception influenced tomorrow. The battlespace extends beyond routers and endpoints; it reaches into beliefs, fears, and choices.
More consequentially, this strategy blurs the line between peacetime competition and wartime preparation. The presence of dormant access alone can alter deterrence dynamics, forcing policymakers to account for the possibility that escalation abroad could trigger disruption at home. In this sense, infrastructure intrusions function not merely as operational preparation, but as instruments of psychological leverage, embedding strategic uncertainty directly into the fabric of everyday life. If democratic societies fail to adapt, the cognitive arena will potentially become the decisive front in tomorrow’s conflicts.