A Chinese hacking group is reportedly behind a significant espionage campaign targeting U.S. technology firms and legal services, highlighting a worrisome escalation in China’s cyber “Cold War” with the United States.
Since March 2025, Google’s Threat Intelligence Group and its cybersecurity subsidiary, Mandiant, have tracked intrusion activity carried out with a backdoor malware known as “BRICKSTORM.” This sophisticated campaign is targeting a variety of sectors, including law firms, software-as-a-service providers, and other technology companies. Following extensive monitoring and analysis, Google has linked these hacking efforts to UNC5221, a long-suspected Chinese Advanced Persistent Threat (APT) actor, alongside other “threat clusters” associated with China.
The BRICKSTORM campaign is especially disturbing for two primary reasons. First, it was crafted to ensure “long-term stealthy access” by embedding backdoors into targeted systems, enabling the hackers to evade conventional detection and response methods. The campaign has proven so adept at stealth that, on average, the intruders remain undetected in targeted systems for nearly 400 days, as revealed by a Google report.
Second, the motivations behind these cyberattacks transcend the theft of trade secrets and national security data. Google suspects that these hackers are also probing for “zero-day vulnerabilities targeting network appliances,” as well as “establishing pivot points for broader access” to additional victims. This indicates a strategy to gather intelligence that could be pivotal to the Chinese military should tensions escalate between the U.S. and China.
Xi Jinping, the leader of Communist China, has consistently expressed his ambition for the nation to become a “cyber superpower.” With this goal in mind, the Chinese government has invested significant resources in building a formidable cyber army.
The People’s Liberation Army (PLA) considers cyber warfare to be a crucial aspect of both its defensive and offensive strategies, alongside traditional military forces. Cyberattacks are viewed as a cost-effective means to undermine an opponent’s will to fight by targeting its economic, political, scientific, and technological systems.
To that end, the PLA reportedly employs as many as 60,000 cyber personnel, ten times the size of the U.S. Cyber Command’s Cyber Mission Force. Additionally, a higher proportion of the PLA’s cyber force is dedicated to offensive operations compared to the United States (18.2 percent versus 2.8 percent).
Alongside China’s official cyber force, the Ministry of State Security and the Ministry of Public Security have adopted a “pseudo-private” contractor model that allows them to hire civilian hackers to conduct cyber espionage abroad while obscuring the Chinese government’s involvement.
Over time, the Communist regime has also significantly advanced its cyber operation capabilities. Today, China’s cyber operations are increasingly sophisticated, utilizing advanced tactics, techniques, and procedures to infiltrate victim networks, according to a U.S. government report.
The BRICKSTORM attack is part of a long series of high-profile cyberattacks originating from China in recent years. Between 2023 and 2024, Salt Typhoon, a Chinese hacking group linked to the Ministry of State Security, accessed U.S. wireless networks operated by companies such as AT&T and Verizon, “as well as systems used for court-appointed surveillance.” This breach resulted in the compromise of telecommunication data for over a million American users, including individuals involved in both Trump’s and then-Vice President Kamala Harris’s presidential campaigns.
“Volt Typhoon,” another Chinese hacking campaign, has successfully infiltrated critical American infrastructure networks, including those of power plants, pipelines, and water treatment facilities. This breach poses a serious threat by granting hackers the potential to shut down essential services, allowing them to disrupt our society at their discretion.
In a striking demonstration of the ongoing cyber threat from China, the U.S. Secret Service recently foiled a scheme that could have seriously impaired telecommunications and law enforcement operations in New York City during a crucial event attended by over 150 world leaders, including U.S. President Trump, at the United Nations’ annual meeting. U.S. officials have indicated that this troubling plot likely had ties to the Chinese government.
These hacking incidents act like live military drills, but they take place in the digital realm. Each breach enables Chinese hackers to gather intelligence and develop strategies for future disruption. In many cases, these cyberattacks pose a greater threat than traditional drills, inflicting real harm in the present and compromising our future security.
The Chinese Communist Party’s deliberate and frequent infiltration of America’s civilian systems signifies its preparation for confrontation with the United States. This brazen posture reveals the Party’s intention to disregard established rules of engagement in any military conflict, aiming instead for maximum disruption and considerable casualties. This situation serves as a crucial wake-up call for us to fortify our defenses and reevaluate our approach to cyber warfare. Our response must be a united effort across society.
Private American companies often remain silent after becoming targets of Chinese hackers, fearing loss of market access in China or retaliation from the Chinese government. This collective silence has resulted in the loss of trillions of dollars in intellectual property, offering no protection to these businesses. It is essential for American companies to understand that their security and long-term viability depend on actively addressing Chinese cyberattacks. They must be willing to share information with other businesses and the U.S. government. By exposing more Chinese cyberattacks and fostering open communication, we can enhance our defenses and effectively counter future hacking operations from China.
The Trump administration must also take decisive action to hold the Chinese government and its affiliated hackers accountable for their cyber activities.
In March, the Department of Justice indicted 12 Chinese nationals, including two alleged officials from the Ministry of Public Security, for executing extensive cyber espionage operations on behalf of China. The DOJ’s indictment reveals that these state-sponsored hackers targeted not only Chinese dissidents in the United States but also more than 100 organizations based in the U.S., including defense contractors, health care systems, and even the U.S. Treasury, incurring millions of dollars in damages. While this indictment represents a significant step forward, it is clear that more is needed.
Furthermore, the Trump administration should integrate cybersecurity measures into its trade negotiations with Beijing. By doing this, it can raise the stakes for the Chinese Communist Party’s malicious cyberattacks, ultimately deterring these actions by leveraging U.S. advantages in other areas. This approach is essential for safeguarding our national security and the integrity of our economic and political system.