Tuesday, September 30

By 2025, China’s Ministry of State Security (MSS) has entrenched itself as the world’s most aggressive cyber espionage agency. Once reliant on PLA units like 61398, MSS now directs a global web of Advanced Persistent Threats (APTs), such as APT10, APT40, APT41, and Mustang Panda, that dominate cyberspace.

Recent threat intelligence underscores the scale: Trellix’s Q1 2025 report attributes 46% of all detected APT activity worldwide to Chinese actors, with APT41 alone surging 113% in a single quarter. In August 2025, U.S. and allied advisories confirmed MSS-linked groups exploiting telecom routers and hospitality networks, reinforcing its ability to infiltrate critical infrastructure across continents.

The 2024 Salt Typhoon hack exemplifies this evolution: MSS actors breached multiple U.S. telecom giants, gaining unprecedented metadata control. This reflects Beijing’s dual strategy: $600 billion in annual IP theft (U.S. estimates) and “pre-positioning” for potential disruption in strategic sectors.

This is an immediate threat for India. The i-Soon leaks (2024) exposed MSS efforts to steal 95 GB of Indian immigration data and probe Air India, Reliance, and the Prime Minister’s Office. Earlier, “RedEcho” targeted India’s power grids during border tensions. These incidents highlight an asymmetry: China’s offensive cyber ecosystem is systemic, while India’s CERT-In and NTRO remain largely reactive.

MSS has thus fused espionage, economic theft, and psychological operations into a doctrine of cyber statecraft, shaping not just U.S.-China rivalry but also India’s strategic calculus.
