Chinese cyber skirmishes in the Indo-Pacific show emerging patterns of conflict
15 Sep 2025

China’s Salt Typhoon hacking campaign has taken on new urgency with revelations it may have compromised the data of millions of Australians. This demonstrates how cyber operations have evolved beyond merely gathering intelligence.

When first identified by US government partners back in mid-2023, the campaign by the Salt Typhoon group was assessed as a targeted espionage effort against US and allied government systems. It involved stealthy intrusions, selective data theft and probing of networks in a handful of countries. At the time, the effect was thought to be limited and largely confined to government targets.

But August 2025 disclosures have shown just how broad the campaign truly has been. The Australian Signals Directorate, working with 20 foreign partners, has publicly attributed the operation to Beijing’s Ministry of State Security and People’s Liberation Army. The US Federal Bureau of Investigation now assesses that Salt Typhoon has struck dozens of countries, sweeping up telecommunications, transport, lodging and civilian data on a massive scale. These operations may have reached virtually every Australian household and millions more across partner nations.

Cyber operations now function as tools for coercion and competition, influencing the balance of power across the Indo-Pacific. They are central to rivalry. Even as governments invest in resilience and attempt to set boundaries, the persistent tension between the United States and China ensures that new vulnerabilities and threats will continue to emerge.

The Indo-Pacific is the epicentre of 21st-century competition. China and the US vie for influence, while South Korea, India, Japan and Southeast Asian countries all face mounting digital vulnerabilities. With the digital economy of Southeast Asian nations expected to surpass US$1 trillion by 2030, growth is driving their prosperity but also compounding risk.

Chinese-sponsored hackers have been targeting critical infrastructure for a long time. Suspected Chinese hackers disrupted India’s port logistics in 2020, and repeated intrusions have targeted Japanese, South Korean and Australian energy grids, telecom systems and government networks. Cyber operations are applied to traditional hotspots—such as the South China Sea and the Taiwan Strait—by threatening disruption without any shots being fired.

Beyond the sheer number of cyber incidents, patterns in their objectives distinguish cyber operations in the Indo-Pacific from those in other regions. Three stand out: probing, pressuring, and threshold testing.

Probing operations aim to identify and target system vulnerabilities. Chinese threat group APT41 often employs this method. The group has conducted espionage operations across healthcare, telecoms and government agencies for many years. North Korea’s Lazarus Group has perfected a distinct form of probing: cyber-heists, ranging from the 2016 Bangladesh Bank hack to ongoing cryptocurrency thefts that directly fund Pyongyang’s weapons programs. These operations map vulnerabilities and generate funds, while staying below the threshold of conventional war.

Australia has been a repeated target of pressuring tactics, with the breaches of critical infrastructure widely interpreted as signaling that Canberra’s alignment with Washington has costs. Taiwan is another case in point. During its 2024 elections, disinformation campaigns, distributed denial-of-service attacks on government portals, and breaches of media outlets sought to undermine confidence in the democratic process. These pressures were synchronised with more visible coercion, such as military exercises and air incursions, illustrating how digital operations complement kinetic manoeuvres.

Some cyber campaigns appear to be aimed at threshold-testing, blurring the line between espionage and sabotage. In the Vietnam–China cyber clashes related to South China Sea disputes, Vietnamese hackers allegedly targeted Chinese government websites. Similarly, the 2021 Japan Olympics cyberattacks, which some attributed to Russian actors, demonstrated how geopolitical rivalries could extend into civilian life. Together, these incidents outline a region where states and non-state actors continually challenge each other’s resolve. Skirmishes might not cause immediate destruction, but they foster digital coercion and raise the risk of escalation.

Cyber campaigns are not just harassment; some signal a potential for escalation. Attacks against Taiwan’s government networks have spiked during Chinese military drills, showing how cyber and kinetic tools are increasingly integrated.

The danger lies in miscalculation. A ransomware strike that disrupts Japan’s energy grid or South Korea’s financial sector could be interpreted as state-backed aggression, prompting military responses. In cyberspace, where attribution is murky and timeframes are compressed, escalation could outrun diplomacy. Repeated incidents also risk normalising cyber coercion as a standard tool of statecraft. If probing and pressure go unchallenged, adversaries will keep pushing until the region faces a full-scale digital confrontation. The Indo-Pacific has become a laboratory for cyber conflict, setting global precedents. Europe, Latin America and Africa should watch closely: today’s coercion in Asia could become tomorrow’s global standard.

Cyber skirmishes in the Indo-Pacific mark the cutting edge of strategic competition, where adversaries test limits and normalise coercion. The region’s growing dependence on digital infrastructure, combined with its strategic volatility, makes it a perilous testing ground for cyber conflict globally. The choice is stark: treat these incidents as minor disruptions until one sparks a crisis, or act to strengthen resilience, deepen cooperation and set rules for responsible behaviour in cyberspace. If governments fail, adversaries will decide the thresholds for acceptable action—and by then it may be too late.