In July 2016, Finnish cyber-security firm F-Secure published a White Paper entitled ‘NanHaiShu: RATing the South China Sea’. The article discussed the identification of a Remote Access Trojan, a malware which targeted organisations associated to the international territorial dispute in the South China Sea since 2015. Based on technical and motivational characteristics, the malware was attributed to threat actors from the People’s Republic of China (PRC). The identification of NanHaiShu validates findings detailed an earlier study about China’s evolving intelligence strategies in cyberspace, and its move away from outdated mosaic techniques. Armed with a firm foothold in the technological research, development and manufacturing sector, there could be little doubt about the continued sophistication of China’s operational cyber-security capabilities being used in its plans for global market expansion. The recognition of cyberspace as an operation domain has revealed a clear indication of cyber-security’s intimate relationship with global geopolitics, and the subsequent effects on how state coordinated cyber-espionage will be conducted.