Beyond Contractors: China’s Cyber Militia Model

China’s Cyber Militia Model

A recent article by Margin Research highlights how extensively China has integrated civilian companies and quasi-private organizations into its security and defence apparatus.[i]

Figure 1 - Courtesy of Margin Research[ii]

The People’s Republic has developed its own model in which private enterprises, state authorities, and military structures are tightly interwoven, a structure that is relevant across all forms of information operations (IO) and influence activities.  

While these companies operate under market principles, they are organizationally embedded within China’s military and security architecture. The model is distinct: beyond contractors and fronts, Beijing employs cyber militias. Civilian companies and institutes, such as the mentioned firm Qihoo 360[iii], are formally linked to defence structures, including the People’s Armed Police Forces Departments (PAFD). This results in a hybrid system, illustrated in the figure below.

Figure 2 - Courtesy of Margin Research[iv]

Figure 3 - Courtesy of Margin Research[v]

For China, cutout and front companies serve as proxies to conduct highly sensitive operations below the radar.

Margin Research thus highlights that this structural approach fundamentally differs from the American model. In the U.S., the government relies on private contractors to provide cyber and information operations support, but these entities remain outside the military chain of command and operate under clear contracts and oversight.

Other actors, such as Russia and Iran, use hybrid models, combining contractors with front companies and cutouts. These civilian-looking firms act as covert state proxies, deliberately blurring the line between state and non-state actors to preserve plausible deniability.

This model makes clear that dealing with China means engaging with a system where private and state interests are deeply intertwined. Its relevance extends beyond information operations to all sectors reliant on Chinese technology, as underscored by the recent discovery of rogue communication devices in Chinese solar inverters.[vi]

[Footnotes]

[i] Margin Research, Green, K., 2025. Cyber Militias Redux: Or, "Why Your Boss Might Also Be Your Platoon Leader in China". Verfügbar unter: https://margin.re/2025/08/cyber-militias-redux-or-why-your-boss-might-also-be-your-platoon-leader-in-china-2/

[ii] Margin Research, Green, K., 2025. Cyber Militias Redux: Or, "Why Your Boss Might Also Be Your Platoon Leader in China". Verfügbar unter: https://margin.re/2025/08/cyber-militias-redux-or-why-your-boss-might-also-be-your-platoon-leader-in-china-2/

[iii] Margin Research, Green, K., 2025. Cyber Militias Redux: Or, "Why Your Boss Might Also Be Your Platoon Leader in China". Verfügbar unter: https://margin.re/2025/08/cyber-militias-redux-or-why-your-boss-might-also-be-your-platoon-leader-in-china-2/

[iv] Margin Research, Green, K., 2025. Cyber Militias Redux: Or, "Why Your Boss Might Also Be Your Platoon Leader in China". Verfügbar unter: https://margin.re/2025/08/cyber-militias-redux-or-why-your-boss-might-also-be-your-platoon-leader-in-china-2/

[v] Margin Research, Green, K., 2025. Cyber Militias Redux: Or, "Why Your Boss Might Also Be Your Platoon Leader in China". Verfügbar unter: https://margin.re/2025/08/cyber-militias-redux-or-why-your-boss-might-also-be-your-platoon-leader-in-china-2/

[vi] Quelle: Reuters, 2025. Rogue communication devices found in Chinese solar power inverters. [online] Published 14 May 2025. Available at: https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/

DISCLAIMER

Copyright and License of Product 

This report (the "Product") is the property of Cyfluence Research Center gGmbH ("Cyfluence") and is protected by German and international copyright laws. The User is granted a limited, non-transferable license to use the Product solely for internal purposes. Reproduction, redistribution, or disclosure of the Product, in whole or in part, without prior written consent from Cyfluence is strictly prohibited. All copyright, trademark, and proprietary notices must be maintained.

Disclaimer of Warranties

The Product is provided "as is" without warranties of any kind, express or implied, including but not limited to warranties of merchantability or fitness for a particular purpose. Although Cyfluence takes reasonable measures to screen for viruses and harmful code, it cannot guarantee the Product is free from such risks.

Accuracy of Information 

The information in the Product has been obtained from sources believed to be reliable. However, Cyfluence does not guarantee the information's accuracy, completeness, or adequacy. The User assumes full responsibility for how they use and interpret the Product. Cyfluence is not liable for errors or omissions; opinions may change without notice.

Limitation of Liability

To the fullest extent permitted by law, Cyfluence shall not be liable for any direct, indirect, incidental, or consequential damages, including lost profits or data, arising from the use of or inability to use the Product, even if advised of such possibilities. Liability for intent or gross negligence remains unaffected under German law.

Indemnification

The User agrees to indemnify and hold harmless Cyfluence, its affiliates, licensors, and employees from any claims or damages arising from the User’s use of the Product or violation of these terms.

Third-Party Rights

The provisions regarding Disclaimer of Warranties, Limitation of Liability, and Indemnification extend to Cyfluence, its affiliates, licensors, and their agents, who have the right to enforce these terms.

Governing Law and Jurisdiction 

This Agreement is governed by German law, and any disputes shall be resolved exclusively in the courts of Berlin. If any provision is found invalid, the remaining terms remain in full effect.