Non-state actors are a feature of all cyberspying. But in China, the use of non-state actors matches its historical method of espionage in China.
Center for Strategic and International Studies analyst James Lewis writing for the Lowy Institute:
China’s cyber espionage strategy combines both official programs and the coordination of unruly efforts of thousands of individuals, companies, and civil agencies as intelligence collectors. This broad, diffuse, cyber espionage collection program reflects the traditional Chinese approach to intelligence collection – instead of relying on officers operating under official cover, China’s approach has been described as “a thousand grains of sand,” where businessmen, researchers or students are asked to collect information when they visit a country
This accounts, too, for the profusion of Chinese nationals of a non-intelligence background living abroad who are expected to provide useful information to Beijing.
Online, however, it means there is less control over cybertheft from the top. China cyber-espionage includes official programs plus “independent actions by agencies and companies not directed by the central government” as well as individual criminal activities sometimes working for a larger organization.
As Lewis writes:
The central leadership in Beijing does not control all of these actors and it is not clear that it could control them if it wished to do so, despite strenuous efforts to keep internet freedom in check.
This was seen in the news surrounding the US indictments of the five China military officers for spying.
From the New York Times:
Some military and government employees moonlight as mercenaries and do more hacking on their own time, selling their skills to state-owned and private companies. Some belong to the same online social networking groups.
“There are many types of relationships,” said Adam Segal, a China and cybersecurity scholar at the Council on Foreign Relations in New York. “Some P.L.A. hackers offer their services under contract to state-owned enterprises. For some critical technologies, it is possible that P.L.A. hackers are tasked with attacks on specific foreign companies.”…
A hacker who jumps among wildly divergent victims, he said, is likely to be a contractor. In recent months, FireEye observed a hacker who took aim at foreign defense and aerospace companies, then hacked an online entertainment company. It appeared the hacker was a private contractor.
It’s something to keep in mind in discussions of US-China cyber competition. Without a doubt non-state actors are big in hacking in the US – but it’s not likely they form an integral part of official US cyberwar capabilities. The role of the Chinese cyberattackers suggests there are plenty of side deals between various parts of Chinese government and lone individuals undergirding China’s efforts. That means, Beijing probably couldn’t stop the cybertheft if it wanted to.