Published On : 2023-11-24
Share :


China is yet again meddling in the South China Sea, this time while wars rage in Gaza and the Ukraine. The timing of its actions undoubtedly reflects China’s short-term imperatives and long-term plans, and the escalatory trend is worrying as their latest actions involve cyber espionage and two provocative naval incidents on the same day within the Philippines‘ exclusive economic zone. Beijing and Manila are in the midst of an increasingly tense standoff over Second Thomas Shoal – an area within the zone – which has the potential to escalate into a major crisis, or a conflict manifesting early in the cyber domain.


President Biden warned that “conflict and chaos could spread to the Indo-Pacific” from late October, and, amidst the wars in Ukraine and Israel, little attention has been paid to China’s ongoing coercion, in what Beijing calls the South China Sea, and Manila, the West Philippine Sea (or simply, the Philippine Sea).

China’s latest actions involve a Coast Guard vessel nudging a tiny Philippines government-contracted resupply boat, and a Chinese armed militia vessel similarly knocking a smaller Philippines Coast Guard vessel. This is the first time the Philippines has reported Chinese ships deliberately hitting Philippine government vessels, however, it’s not unexpected.

The Philippines has a derelict vessel called Sierra Madre beached on Second Thomas Shoal on which live a number of military personnel who would fall under the U.S.-Philippines Mutual Defense Treaty, if they came under armed attack. However, that vessel is disintegrating, and the Philippine government aims to reinforce the structure using construction materials brought to the site by ship.

China appears determined to prevent these efforts and Beijing is using a combination of fishing vessels, maritime militia, coast guard, and People’s Liberation Army Navy ships to intercept the Philippines’ resupply manoevres, steadily escalating tensions. More than 100 militia ships and numerous Chinese Coast Guard ships have been witnessed in the area, allegedly almost colliding with Philippine Coast Guard ships at times. This recent incident described above is just the latest in a string of intimidating actions by Beijing, who arguably sees this as an effort to uphold the status quo.

Both Beijing and Manila appear determined to press ahead at Second Thomas Shoal, which means that the U.S. – due to the Mutual Defense Treaty with the Philippines – are increasingly more likely to get embroiled in the conflict. Thus far, Washington has been supportive of Manila, but has largely stayed in the background, offering mostly political assistance. The U.S. State Department asserted it‘s stance after the latest incident, stating that the mutual defense treaty extends to “armed attacks on Philippine armed forces, public vessels, and aircraft.” Therefore it stands to reason that a if a more serious clash occurs, the South China Sea could become the next major
global flashpoint.


Presidents Biden and Xi Jinping met in Silicon Valley in mid-November in an attempt to reduce tensions in the world’s most precarious bilateral relationship, but many questions remain unanswered.

The formalized meeting adjacent to the APEC summit – rather than a bilateral summit or state visit – which in itself is arguably indicative of how low relations between the two countries have sunk.

After a year of almost no recorded communication, the meeting itself was presented as an important deliverable, with both leaders announcing a set of measures, including the partial resumption of military communication, following the Chinese withdrawal from military talking channels last year as ‘punishment‘ for US Speaker Pelosi’s visit to Taiwan. The resumption of military communications will include operational contact between senior commanders and ship captains, and a meeting between Defense Secretary Lloyd Austin and his Chinese counterpart.

Despite signs of renewed engagement, both Beijing and Washington (and Manila, for that matter) appear committed to their current confrontational course, which means the prospects for stabilization remain distant at best, and foolhardy at worst. It was during the conference in California that Chinese ships were provoking Philippine vessels in the exclusive economic zone, and Chinese hackers were infiltrating the Filipino government.

It could be asserted that Beijing’s skepticism around dialogue is because this situation is seen as an avenue for the United States to try to contain China’s actions in regions that China feels are sovereign (i.e. the fault lines inside China’s so-called ‚tenth dash line‘), claims on territory in internationally-recognized waters belonging to other Asia–Pacific states like Vietnam, Indonesia or the Philippines. China argues it‘s Coast Guard and the militia are simply enforcing China’s domestic laws, which the country has unilaterally decided to apply to the 90% of the sea it claims. In terms of area, China’s contested take-over of this expanse dwarfs Russia’s attempted annexation of Ukraine – to a tune of five times – but was rejected by the Permanent Court of Arbitration at The Hague in 2016.

From the People’s Liberation Army’s perspective, the United States has no business being anywhere near the Taiwan Strait, Thomas Shoal, or anywhere within region of the ten dash line, where China claims territory. For that reason we should restrain our expectations as to the real beneft of the recent talks. Given Chinese actions, we can rest assured that this will be tested soon. However, we should not expect either the US-China Defense Policy Coordination Talks or the US-China Military Maritime Consultative Agreement to fundamentally alter the trajectory of events in the second Thomas Shoal.


The Asia–Pacific region is host to the most prolific users of cyber as a tool of statecraft, with China being the undisputed largest state sponsor of cyber attacks in the world. Many tensions in the region (exacerbated by extra-regional powers like the U.S.) have the potential to escalate into conflict, and most likely take place in cyberspace.

While Beijing was stirring up trouble in the Philippine Sea, the China-affiliated APT; Mustang Panda, has been attacking governmental organizations in Manila. Researchers have also attributed three other campaigns from this summer, primarily singling out organizations in the South Pacific to the same Chinese APT. The campaigns leveraged legitimate software including Solid PDF Creator to sideload malicious files which cleverly impersonated legitimate Microsoft traffic for command-and-control connections.

Mustang Panda, also tracked under the name Bronze President, has been active since at least 2012, orchestrating cyber espionage campaigns targeting both non-governmental organizations and government bodies across North America, Europe, and Asia. This year, Mustang Panda and other APTs have been focused on countries surrounding the South China Sea, where China presses territorial claims on countries like the Philippines, Vietnam or Indonesia, as well as on the United States, with which China is in conflict over primacy in the region and global affairs as a whole. Guam; a US territory in the Western Pacific that is home to significant US military bases, has allegedly been targetted .

A joint advisory from all Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom, and the United States) reported a major Chinese cyberespionage operation that has reportedly succeeded in penetrating a range of US critical infrastructure sectors earlier this year. The attack is attributed to a Chinese APT known as Volt Typhoon, a group that has been active for at least two years. The industries of communications, manufacturing, utilities, transport ation, construction, maritime industries, government, information technology, and education have all become targets of the observed campaign. The threat actor has likely been trying to conduct espionage and keep access without being discovered for as long as feasible, according to the observed behavior.

Just recently, the Five Eyes issued another warning against, use of artificial intelligence in large scale Chinese hacking campaigns, given AI‘s potential to amplify and augment the threat. Chinese hackers have been mainly focusing on the defense industrial base, successfully compromising the networks of contractors to the Pentagon’s U.S. Transportation Command 20 times in a single year, while many other incursions have probably never been found. Some researchers are also worried China is trying to position itself in a way it could try to paralyze U.S. critical infrastructure in case of an eruption of conflict between the two countries over the issue of Taiwanese or Philippine waters .


The meeting between Joe Biden and Xi Jinping in San Francisco produced an agreement to partially restore previous channels of military-to-military communication, suspended by Beijing in August 2022. While resumption of some military-to-military dialogues is welcome, the agreement does not restore pre-2020 levels of defense communication between the U.S. and China. More senior strategic defense policy dialogues, such as those previously held at the undersecretary or assistant secretary level, do not appear to have been restored.

US officials blame China’s increasingly aggressive stance for more unsafe intercepts. Communication gaps amid tensions will hinder crisis de-escalation. Crisis prevention progress is elusive as both sides use military and cyber posturing, reflecting an intractable disagreement over Western Pacific operational rights. As Taiwan and the US approach presidential elections, the political climate will likely remain fraught with risks and tensions.

China’s longstanding strategy of escalating actions appears poised for further intensification. The Chinese Communist Party backed Global Times has already predicted “more severe collisions,” and in the immediate future, there is a high probability that China will damage or sink a Philippine Coast Guard vessel or one of the smaller Philippine government-chartered vessels. Additionally, the heavily armed Chinese ships could fire warning shots to further demonstrate their growing determination, with other actions also possible. In such a tense environment, large state-sponsored cyberattacks remain a very real threat.