Skip to content
ITIF Logo
ITIF Search
From Trade Deals to Trojan Horses: China’s Expanding Digital Aggression on Europe

From Trade Deals to Trojan Horses: China’s Expanding Digital Aggression on Europe

August 1, 2025

As the European Union considers closer cooperation with China on trade, technology, infrastructure, and energy, Chinese state-backed hackers are conducting a consistent and escalating campaign of cyber aggression. These attacks target Europe’s sovereignty, security, and stability, reflecting a long-term strategy to establish covert surveillance and potential first-strike capabilities. As the EU debates its future political and economic relationship with China, it should confront the risks of cooperating with a regime that persistently weaponizes cyberspace against EU member states and allies.

While Chinese cyber aggression is not new, from 2020 to 2025, the EU and its member states have faced cyber operations designed to steal intellectual property, exploit research institutions, surveil lawmakers, and infiltrate vital infrastructure such as telecommunications networks. In 2020 and 2021, state-sponsored groups like Hafnium and APT31 launched high-impact campaigns across Europe. During the COVID-19 pandemic, Chinese hackers targeted vaccine laboratories in Germany and other EU countries to steal sensitive research data. Hafnium exploited a previously unknown vulnerability in Microsoft Exchange servers, breaching the private communications of government agencies, research institutions, and private firms, including the European Banking Authority and the Norwegian Parliament. Around the same time, APT31 targeted members of the Finnish Parliament, aiming to surveil and potentially influence democratic decision-making.

By 2023 and 2024, Chinese cyber operations shifted from institutional espionage to deep infrastructure infiltration. Chinese state-backed hacking groups such as Volt, Salt, and Flax Typhoon compromised major telecommunications providers, including T-Mobile and others, across Europe. These breaches granted indirect access to critical systems reliant on telecom infrastructure, including power grids, pipelines, and hospitals, aiming to create long-term access for surveillance or sabotage in the event of a geopolitical crisis. Simultaneously, Chinese actors attempted to breach EU parliamentary networks during sensitive debates on Taiwan and human rights in Xinjiang, signaling efforts to monitor or even influence policymaking.

In 2025, this pattern continues. Earlier this year, the Czech Republic confirmed that a sophisticated Chinese cyber operation had targeted its Foreign Ministry in an attempt to access diplomatic cables, communications with Taiwan, and sensitive EU-China negotiation materials. Meanwhile, cybersecurity agencies across Europe have warned of Chinese groups probing cloud infrastructure and compromising third-party software vendors. These actions appear designed to implant backdoors that China could later activate for intelligence gathering or disruption.

This five-year timeline reveals that Chinese cyber operations against Europe are not random or isolated; rather, they are coordinated, strategic, and intensifying. Far from simple espionage, these attacks serve as tools of political leverage and coercion, exploiting Europe’s open digital infrastructure while violating its democratic principles and attacking European sovereignty. Whether targeting lawmakers, laboratories, or logistics networks, China’s cyber strategy seeks to erode European resilience from within. It is not enough to lock the front door; Europe needs smarter defenses against backdoor intrusions and silent actors already inside.

While some EU leaders call for pragmatic engagement with China, this pattern of attacks highlights the hidden costs, increased vulnerability, political interference, and long-term security risks that China currently presents. EU policymakers should confront a fundamental contradiction—how can they pursue a partnership with a government that systematically targets them as a digital adversary? Until the EU demonstrates that cyber aggression carries real consequences for trade relationships—and does more than issue hollow statements condemning Chinese cyber attacks—China has every reason to continue these attacks while simultaneously seeking deeper economic integration.

If Europe is serious about defending its democratic values and critical infrastructure, it should rethink the wisdom of deepening ties with an actor engaged in systemic hostility. The path forward lies in strengthening cyber defenses to protect the continent’s sovereignty, continuing to rely on trusted allies, and creating real consequences for adversaries that engage in cyberattacks.

Back to Top