In a rare and significant move, Chinese officials privately acknowledged to their U.S. counterparts that Beijing-linked hackers were behind cyber intrusions into critical American infrastructure, according to a report by The Wall Street Journal.
The acknowledgment came during closed-door discussions held as part of efforts to reduce tensions and improve bilateral communication on cybersecurity and national security.
The private talks reportedly took place in late 2023 or early 2024, with U.S. officials pressing China over malicious cyber operations, particularly those involving Volt Typhoon—a state-sponsored group linked to the Chinese government.
This group had been previously identified by Microsoft and U.S. cybersecurity agencies as targeting critical infrastructure sectors such as:
- Telecommunications
- Energy
- Water utilities
- Transportation networks
According to the WSJ, the Chinese delegation did not issue a blanket denial, which marks a notable shift from its typical stance of rejecting any involvement in cyberattacks.
Instead, they acknowledged knowledge of the activity and offered limited commentary on the extent or purpose of the operations.
U.S. intelligence and national security officials interpreted the admission as a significant development, possibly opening a path to more direct dialogue on norms of cyber behavior.
However, they remain skeptical about any lasting change in China’s operational intent. The U.S. continues to bolster its cyber defenses and conduct investigations into persistent threats from foreign actors.
A senior U.S. official told the WSJ that the Chinese acknowledgment was “unusual” and not a formal admission of wrongdoing, but it reflected internal awareness within the Chinese leadership.
In May 2023, Microsoft publicly disclosed the existence of Volt Typhoon, describing it as a stealthy Chinese threat actor engaged in long-term espionage and infrastructure compromise, likely preparing the ground for potential disruptions in case of conflict—particularly over Taiwan.
The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have since issued multiple advisories urging U.S. infrastructure operators to harden their networks against “living off the land” techniques—methods that avoid malware and rely on legitimate admin tools to evade detection.
Despite the private discussions, the Chinese Ministry of Foreign Affairs continues to publicly deny state involvement in cyber espionage.
In response to the original accusations in 2023, it accused the U.S. of being the “world’s biggest cyber thief” and maintained that the claims were politically motivated.
This development comes amid heightened U.S.-China tensions over Taiwan, technological rivalry, and global cybersecurity concerns.
Analysts suggest that China’s acknowledgment may reflect a pragmatic approach to avoid escalation, especially with increasing international scrutiny over cyber warfare and digital espionage.
However, there’s widespread concern among U.S. allies and lawmakers that China’s strategic cyber posture is growing bolder and more sophisticated. The acknowledgment may not indicate a change in behavior, but rather a tactical move within diplomatic backchannels.