A Chinese hacking group is reportedly behind a significant espionage campaign targeting U.S. technology firms and legal services, marking an escalation in China's cyber operations against the United States. This campaign, tracked by Google’s Threat Intelligence Group and its cybersecurity subsidiary, Mandiant, has been active since March 2025 and involves the deployment of a sophisticated malware known as "BRICKSTORM."

The BRICKSTORM campaign is particularly concerning due to its design for long-term stealthy access, allowing hackers to embed backdoors into targeted systems. According to a Google report, these intruders often remain undetected for nearly 400 days on average.

Google has linked these activities to UNC5221, a Chinese Advanced Persistent Threat (APT) actor, and other threat clusters associated with China. The motivations behind these cyberattacks extend beyond mere theft of trade secrets; they also include probing for vulnerabilities in network appliances and establishing broader access points for future operations.

Xi Jinping, the leader of China, has expressed ambitions for the country to become a "cyber superpower," and the Chinese government has invested heavily in building a formidable cyber force. The People’s Liberation Army (PLA) reportedly employs around 60,000 cyber personnel, significantly outnumbering the U.S. Cyber Command’s Cyber Mission Force.

Critics argue that the PLA's emphasis on offensive cyber operations, put at 18.2% against a U.S. figure of 2.8%, signals a growing threat. The PLA views cyber warfare as a cost-effective means of undermining adversaries by targeting their economic and technological systems.

In recent years, China has conducted numerous high-profile cyberattacks. Between 2023 and 2024, the hacking group Salt Typhoon accessed U.S. wireless networks operated by companies such as AT&T and Verizon, compromising data for over a million American users. Another campaign, Volt Typhoon, infiltrated critical infrastructure networks, raising concerns about the potential for significant disruptions to essential services.

In a recent incident, the U.S. Secret Service disrupted a scheme that could have severely impacted telecommunications and law enforcement operations in New York City during a major event attended by over 150 world leaders. U.S. officials suspect ties to the Chinese government in this plot.

Helen Raleigh, a senior contributor at The Federalist, noted, "These hacking incidents act like live military drills but take place in the digital realm. Each breach enables Chinese hackers to gather intelligence and develop strategies for future disruption."

The Chinese Communist Party's ongoing infiltration of American civilian systems indicates a preparation for potential confrontation with the United States. This situation has prompted calls for a reevaluation of U.S. cybersecurity strategies.

Private American companies often remain silent after being targeted by Chinese hackers, fearing repercussions. This silence has resulted in significant losses in intellectual property, with estimates running into trillions of dollars. Experts emphasize the need for companies to actively address these threats and share information with the U.S. government to strengthen defenses.

In March, the Department of Justice indicted 12 Chinese nationals, including two officials from the Ministry of Public Security, for extensive cyber espionage operations. This indictment revealed that state-sponsored hackers targeted over 100 organizations in the U.S., including defense contractors and healthcare systems, resulting in millions of dollars in damages.

While this indictment is a step forward, experts argue that more decisive actions are necessary. The Trump administration is urged to integrate cybersecurity measures into trade negotiations with China to raise the stakes for malicious cyber activities. This approach is seen as essential for safeguarding national security and the integrity of the U.S. economic and political system.

Why it matters

  • Chinese hacking group UNC5221 escalates cyber operations against U.S. tech firms, indicating a significant threat to national security.
  • BRICKSTORM malware allows long-term stealthy access, with intruders remaining undetected for nearly 400 days on average.
  • China's cyber ambitions, backed by substantial investments, highlight a growing imbalance in offensive cyber capabilities compared to the U.S.

What’s next

  • U.S. officials may push for stronger cybersecurity measures in trade negotiations with China.
  • Calls for private companies to report cyberattacks to enhance national defenses are increasing.
  • Ongoing investigations into the Chinese government's involvement in cyber espionage are expected to continue.