Chinese Hackers Target US Firms in Sophisticated Cyber Espionage Campaign
Chinese hackers have kicked off a new cyber attack aimed at American software developers and legal firms. The information stolen could give Beijing a major boost in its continuing trade showdown with Washington. This surge in espionage was picked up in 2024 and 2025, and it remains a serious risk to both U.S. economic and national security.
An Ever-Shrinking Security Perimeter
The latest wave of breaches, laid out by Mandiant, shows that the Chinese hackers have turned to the cloud suppliers that many U.S. businesses depend on for storing sensitive information. In a worrying twist, these Chinese hackers have moved beyond basic theft. They are now taking U.S. companies’ custom code and combing through it for hidden security holes, which in turn lets them plant deeper, long-lasting footholds that are hard to detect.
This new operation fits into a larger push by state-supported Chinese hackers. Research from Recorded Future shows a subgroup named RedNovember, or Storm-2077, breaking into perimeter network devices at high-value organizations since June 2024. Defense and aerospace businesses, space organizations, and law firms in Africa, Asia, North America, and South America have all appeared on this expanding target list.

Key Targets and Tactics
Below is a quick look at who these hacking groups go after and how they do it:
| Aspect | Details |
|---|---|
| Primary Targets | US software companies, law firms, defense contractors, telecom providers, and various government offices. |
| Noteworthy Groups | UNC5221, RedNovember (also labeled Storm-2077), Salt Typhoon. |
| Common Methods | They exploit weak spots in VPNs and firewalls, and they drop stealthy malware named “Brickstorm” that dodges most endpoint detection. |
| Key Objective | The main aim is to steal intellectual property and to gather intel on US trade policy and national security matters. |
Stealth and Persistence: A Long-Term Game
What stands out most is how long these Chinese hackers stay quiet once inside. Some groups have sat undetected in US corporate systems for more than a year, continuously siphoning off data. Google’s threat analysts point to a tiny malware backdoor called Brickstorm. This malware finds its way onto servers that traditional security software can’t watch over, like VMware ESXi hypervisors and email security gateways. Because endpoint monitoring is weak in those spots, the Chinese hackers can linger undetected, turning the intrusion into a waiting game.
This tactic gives Chinese cyber groups an alarmingly long “dwell time”—how long they sit quietly inside a network without being noticed. According to Google, these intrusions typically stay hidden for an average of 393 days. That’s nearly a year of free rein during which hackers sift through systems, pull out sensitive files, and send them home. Charles Carmakal, chief technology officer at Mandiant, put it straightforwardly: the culprit is “the most active cyber threat” the U.S. faces, based on the sheer number, impact, and sophistication of their missions.
The Timing Signals More Than Numbers
These revelations arrive on the heels of a trade war that is anything but low-key. Ever since the Trump White House slapped historic tariffs on Chinese goods, both nations have been racing to decode the other’s bargaining moves. It’s no coincidence that U.S. law firms are prime targets; they help companies and government agencies navigate the thickets of trade and national-security law. Any inside chatter the Chinese hackers pick up gives Beijing a rare window into not just what the U.S. is thinking, but how it plans to argue its case at the negotiating table.
Beyond Corporate Networks: Critical Infrastructure at Risk
The danger isn’t limited to stealing trade secrets anymore. Another Chinese hacker team, known as Salt Typhoon, has spent years digging into major telecom companies and key infrastructure. U.S. agencies now warn that the mass media outlet Comcast and the cloud powerhouse Data Realty were seemingly caught in Salt Typhoon’s net.
Breaching a colocation data center like Data Realty is a serious worry. These facilities house the infrastructure that private cloud providers and government agencies rely on. A successful hack could allow Salt Typhoon to peek at internal cloud traffic that usually never touches the public internet, turning private conversations into a data goldmine. Although affected firms insist that their systems are secured, many officials believe Salt Typhoon still lingers inside these critical networks.
A Challenging Defense
America’s security teams face a daunting task. The FBI reveals that the number of Chinese hackers is at least 50 times the number of FBI cyber agents. That imbalance forces U.S. defenders to stay in constant motion. John Hultquist, the lead analyst for Google’s threat team, called the Salt Typhoon efforts a “highly effective intelligence mission,” likening it to the impact of the SolarWinds breach that shocked the U.S. government in 2020.
Marc Rogers, a leading pro in telecom cybersecurity, recently highlighted a huge problem: the basics of good cyber hygiene. “The attackers didn’t even need super-secret tools; they mostly exploited flaws that are at least eight years old and stole credentials. Instead of shouting ‘rip and replace’ systems, the real conversation is—why aren’t we regularly patching our critical infrastructure?”
Key Takeaways for Organizations
Make Patching Job One: Many threats still come in through old, well-documented weaknesses in the first line of defense—perimeter devices. Set a patching timetable that is both strict and speedy.
Expect a Long “Visit”: Assume that elite Chinese hackers have already slipped into the network. Use advanced detection tools that keep watch day and night.
Keep Supply Chains in the Loop: Breaches of software suppliers have shown that your network’s strength is still bound to that of your vendors. Make third-party risk assessments a regular part of your security program.
Conclusion: A Persistent and Evolving Challenge
Recent disclosures show that Chinese hackers have launched a concerted and clever campaign to weaken America’s economic and tech edge. Their mix of stealing corporate secrets, probing critical infrastructure, and attacking the same targets again and again proves that this is not a quick project. We face a long-range strategy. While government and private teams race to kick the intruders out of the networks they have already infected, the episode reminds us how vital strong cyber defenses and alert partners worldwide have become. Conditions keep shifting, and hard evidence about how much we have really lost will probably stretch out over more months and even years.
Source: https://edition.cnn.com/2025/09/24/politics/chinese-hackers-breach-us-firms-trade-fight