In February 2026, Italian investigators uncovered a breach of Italy’s Interior Ministry network in which China-linked hackers reportedly stole personnel data relating to roughly 5,000 officers from the country’s “Divisione Investigazioni Generali e Operazioni Speciali” (DIGOS), the police unit responsible for monitoring extremist threats and protecting sensitive foreign communities. According to Italian law enforcement, rather than a conventional intelligence-gathering operation, the breach was designed to locate Chinese nationals the Chinese Communist Party (CCP) considered politically threatening.

The CCP has long treated political criticism as a threat to be managed regardless of geography. As Chinese diaspora communities have expanded across North America, Europe, and Australia, so too have its efforts to extend elements of its domestic security apparatus abroad, a practice widely described as “transnational repression.” Freedom House, a US-based non-governmental organization (NGO) that monitors political freedoms globally, found that the PRC was responsible for 253 of 854 documented physical incidents of transnational repression between 2014 and 2022 – more than any other government in the world. In 2023, U.S. authorities charged several individuals alleged to be officers of Beijing’s Ministry of Public Security (MPS) assigned to an elite task force called the “912 Special Project Working Group,” in connection with operations targeting dissidents and diaspora communities living in the U.S.1

The primary targets are those the CCP regards as existential threats to its legitimacy: Uyghurs, Tibetans, practitioners of the Falun Gong spiritual movement, Hong Kong pro-democracy activists, and survivors of the 1989 protests and massacre in Beijing’s Tiananmen Square.2 The net extends to journalists, legal scholars, former officials, and anyone who, from the CCP’s perspective, threatens the Party’s narrative control or security at home. Traditionally, this repression has relied on surveillance, proxy networks, pressure on relatives in China, covert agents, and the misuse of international law enforcement tools. In 2022, Safeguard Defenders, a Pan-Asian human rights NGO, documented a network of covert overseas Chinese “police service stations” operating in different countries through front organizations and community associations.

Physical distance was once a meaningful form of protection. Dissidents who fled beyond China’s borders could not be easily watched, pressured, or silenced without significant investment in human networks and physical infrastructure. Cyber capabilities have steadily worn away that protection, across the full range of repressive activity: identifying and locating targets, building profiles, infiltrating communities, spreading disinformation, disrupting platforms, and applying pressure on individuals and their networks. Much of this can now be conducted remotely, at scale, and with limited visibility. This piece examines how, tracing both the Chinese government’s covert efforts to locate and monitor targets and its more overt campaigns of harassment and intimidation, while highlighting the ecosystem of private contractors and tools that underpin these activities.

The appendix at the end of the piece lists selected China-linked APT groups, their identified transnational repression targets, and known associated private contractors.