September 28, 2025
American officials were alarmed in 2023 when they discovered that Chinese state-controlled hackers had infiltrated critical U.S. infrastructure with malicious code that could wreck power grids, communications systems and water supplies. The threat was serious enough that William J. Burns, the director of the C.I.A., made a secret trip to Beijing to confront his Chinese counterpart.
He warned China’s minister of state security that there would be “serious consequences” for Beijing if it unleashed the malware. The tone of the meeting, details of which have not been previously reported, was professional and it appeared the message was delivered.
But since that meeting, which was described by two former U.S. officials, China’s intrusions have only escalated. (The former officials spoke on the condition of anonymity because they were not authorized to speak publicly about the sensitive meeting.)
American and European officials say China’s Ministry of State Security, the civilian spy agency often called the M.S.S., in particular, has emerged as the driving force behind China’s most sophisticated cyber operations.
In recent disclosures, officials revealed another immense, yearslong intrusion by hackers who have been collectively called Salt Typhoon, one that may have stolen information about nearly every American and targeted dozens of other countries. Some countries hit by Salt Typhoon warned in an unusual statement that the data stolen could provide Chinese intelligence services with the capability to “identify and track their targets’ communications and movements around the world.”
The attack underscored how the Ministry of State Security has evolved into a formidable cyberespionage agency capable of audacious operations that can evade detection for years, experts said.
For decades, China has used for-hire hackers to break into computer networks and systems. These operatives sometimes mixed espionage with commercial data theft or were sloppy, exposing their presence. In the recent operation by Salt Typhoon, however, intruders linked to the M.S.S. found weaknesses in systems, burrowed into networks, spirited out data, hopped between compromised systems and erased traces of their presence.
Members of a Chinese hacking group monitoring global cyberattacks on their computers in Dongguan in 2020.
“Salt Typhoon shows a highly skilled and strategic side to M.S.S. cyber operations that has been missed with the attention on lower-quality contract hackers,” said Alex Joske, the author of a book on the ministry.
For Washington, the implication of China’s growing capability is clear: In a future conflict, China could put U.S. communications, power and infrastructure at risk.
China’s biggest hacking campaigns have been “strategic operations” intended to intimidate and deter rivals, said Nigel Inkster, a senior adviser for cybersecurity and China at the International Institute for Strategic Studies in London.
“If they succeed in remaining on these networks undiscovered, that potentially gives them a significant advantage in the event of a crisis,” said Mr. Inkster, formerly director of operations and intelligence in the British Secret Intelligence Service, MI6. “If their presence is — as it has been — discovered, it still exercises a very significant deterrent effect; as in, ‘Look what we could do to you if we wanted.’”
The Rise of the M.S.S.
China’s cyber advances reflect decades of investment to try to match, and eventually rival, the U.S. National Security Agency and Britain’s Government Communications Headquarters, or GCHQ.
China’s leaders founded the Ministry of State Security in 1983 mainly to track dissidents and perceived foes of Communist Party rule. The ministry engaged in online espionage but was long overshadowed by the Chinese military, which ran extensive cyberspying operations.
After taking power as China’s top leader in 2012, Xi Jinping moved quickly to reshape the M.S.S. He seemed unsettled by the threat of U.S. surveillance to China’s security, and in a 2013 speech pointed to the revelations of Edward J. Snowden, the former U.S. intelligence contractor.
Mr. Xi purged the ministry of senior officials accused of corruption and disloyalty. He reined in the hacking role of the Chinese military, elevating the ministry as the country’s primary cyberespionage agency. He put national security at the core of his agenda with new laws and by establishing a new commission.
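Xi Jinping was elected president at the National People's Congress in Beijing in 2013. After taking power, Mr. Xi moved quickly to reshape the Ministry of State Security.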
“At this same time, the intelligence requirements imposed on the security apparatus start to multiply, because Xi wanted to do more things abroad and at home,” said Matthew Brazil, a senior analyst at BluePath Labs who has co-written a history of China’s espionage services.
Since around 2015, the M.S.S. has moved to bring its far-flung provincial offices under tighter central control, said experts. Chen Yixin, the current minister, has demanded that local state security offices follow Beijing’s orders without delay. Security officials, he said on a recent inspection of the northeast, must be both “red and expert” — absolutely loyal to the party while also adept in technology.
“It all essentially means that the Ministry of State Security now sits atop a system in which it can move its pieces all around the chessboard,” said Edward Schwarck, a researcher at the University of Oxford who is writing a dissertation on China’s state security.
Mr. Chen was the official who met with Mr. Burns in May 2023. He gave nothing away when confronted with the details of the cyber campaign, telling Mr. Burns he would let his superiors know about the U.S. concerns, the former officials said.
The Architect of China’s Cyber Power
The Ministry of State Security operates largely in the shadows, its officials rarely seen or named in public. There was one exception: Wu Shizhong, who was a senior official in Bureau 13, the “technical reconnaissance” arm of the ministry.
Mr. Wu was unusually visible, turning up at meetings and conferences in his other role as director of the China Information Technology Security Evaluation Center. Officially, the center vets digital software and hardware for security vulnerabilities before it can be used in China. Unofficially, foreign officials and experts say, the center comes under the control of the M.S.S. and provided a direct pipeline of information about vulnerabilities and hacking talent.
Mr. Wu has not publicly said he served in the security ministry, but a Chinese university website in 2005 described him as a state security bureau head in a notice about a meeting, and investigations by CrowdStrike and other cybersecurity firms have also described his state security role.
“Wu Shizhong is widely recognized as a leading figure in the creation of M.S.S. cyber capabilities,” said Mr. Joske.
In 2013, Mr. Wu pointed to two lessons for China: Mr. Snowden’s disclosures about American surveillance and the use by the United States of a virus to sabotage Iran’s nuclear facilities. “The core of cyber offense and defense capabilities is technical prowess,” he said, stressing the need to control technologies and exploit their weaknesses. China, he added, should create “a national cyber offense and defense apparatus.”
China’s commercial tech sector boomed in the years that followed, and state security officials learned how to put domestic companies and contractors to work, spotting and exploiting flaws and weak spots in computer systems, several cybersecurity experts said. The U.S. National Security Agency has also hoarded knowledge of software flaws for its own use. But China has an added advantage: It can tap its own tech companies to feed information to the state.
The World Artificial Intelligence Conference in Shanghai this year.
“M.S.S. was successful at improving the talent pipeline and the volume of good offensive hackers they could contract to,” said Dakota Cary, a researcher who focuses on China’s efforts to develop its hacking capabilities at SentinelOne. “This gives them a significant pipeline for offensive tools.”
The Chinese government also imposed rules requiring that any newly found software vulnerabilities be reported first to a database that analysts say is operated by the M.S.S., giving security officials early access. Other policies reward tech firms with payments if they meet monthly quotas of finding flaws in computer systems and submitting them to the state security-controlled database.
“It’s a prestige thing and it’s good for a company’s reputation,” Mei Danowski, the co-founder of Natto Thoughts, a company that advises clients on cyber threats, said of the arrangement. “These business people don’t feel like they are doing something wrong. They feel like they are doing something for their country.”