26 August 2024

China allegedly uses 'white hat' hackers to amplify cyberattack capabilities


China is increasingly leveraging the expertise of “white hat” hackers to bolster its offensive cyber capabilities.

According to a report by Nikkei, along with data gathered by cybersecurity firm Trend Micro, there has been a significant uptick in cyberattacks linked to China since 2021, when the Chinese government mandated that any discovered software vulnerabilities must be reported to the Ministry of Industry and Information Technology (MIIT) within 48 hours. The new regulation has led to suspicions that these vulnerabilities are being exploited by state-sponsored hacker groups before patches are developed, raising alarm in Europe and the US.

White hat hackers, who traditionally engage in “bug hunting”—the process of identifying security flaws and reporting them to developers for a reward—now face mandatory reporting requirements under Chinese law. The regulation has sparked concerns that the Chinese government could potentially weaponize these vulnerabilities, using them in cyberattacks against other nations.

In 2021, the first year of mandatory reporting, there were 16 recorded attacks exploiting such vulnerabilities. By 2022, that number had surged to 267, and in 2023 it nearly doubled to 502. The trend appears to be continuing, with 242 attacks already recorded in the first half of 2024.

“In the past, phishing was the predominant method of cyberattack, where victims were tricked into downloading malware via email. Now, however, attacks exploiting vulnerabilities have become the mainstream,” explained Katsuyuki Okamoto, a cybersecurity expert at Trend Micro. He added that while other nations, like Russia, have shown similar shifts, China has made the most pronounced changes in its cyber strategy.

The skills of Chinese white hat hackers have long been recognized on the global stage. Chinese participants have consistently dominated Pwn2Own, the world's largest hacking competition, capturing a growing share of the prize pool—up from 13% in 2014 to 79% in 2017. However, in 2018, China barred its hackers from participating in overseas competitions, focusing instead on domestic events like the Tianfu Cup, which has become the country's premier cybersecurity contest.

Cybersecurity experts suggest that vulnerabilities uncovered during such competitions are being utilized by the Chinese government. Leaked documents, reportedly from Chinese cybersecurity firm i-Soon, have revealed discussions indicating that the company has provided tools developed from these vulnerabilities to Chinese state security. One such tool was allegedly used to extract data from iPhones remotely.

Taiwan-based cybersecurity firm TeamT5, which analyzed the leaked files, reports that i-Soon employs many hackers who identify as white hats but are engaged in work commissioned by state security. The company is also accused of selling data stolen from 18 countries, including Taiwan and India.
