
A Look at China’s Biggest Recent Cyberattacks Against the US

10 major incidents since 2020, ranging from military espionage to outright theft of public funds
Published: January 8, 2025
Immutable, a gaming startup from Sydney, suffered a cyberattack after it extended support to a professional gamer who was suspended for making a pro-Hong Kong statement. (Image: Screenshot / YouTube)

In the last decade, Communist China’s cyberattacks on the United States have escalated in scale and sophistication, targeting sectors ranging from national security to critical infrastructure. 

In February 2024, FBI Director Christopher Wray said that hackers employed by the Chinese regime outnumber FBI cybersecurity personnel by at least 50 to 1, representing “a bigger hacking program than every other major nation combined.”

From stealing sensitive personal data to pre-positioning sabotage tools in critical infrastructure, these attacks underscore a sustained campaign to weaken U.S. security and technological leadership.

Despite ongoing efforts to counter these threats, the disorganized condition of America’s cybersecurity infrastructure and limited government resources mean the U.S. remains vulnerable to Beijing’s increasingly brazen cyber operations, 10 of which are summarized below: 

1. May 2020: Moderna vaccine espionage

Chinese hackers targeted U.S.-based biotech firm Moderna during its COVID-19 vaccine research. Hackers probed public websites and scouted personnel accounts to steal proprietary research. Moderna, funded with nearly half a billion dollars by the U.S. government, was among several global companies targeted for pandemic-related data theft.

2. March 2021: Silk Typhoon targets Microsoft Exchange

The hacking group Silk Typhoon, associated with the Ministry of State Security (MSS) — Communist China’s spy agency — exploited vulnerabilities in Microsoft Exchange Server to infiltrate over 30,000 organizations. Targets included defense contractors, pharmaceutical companies, and think tanks. Microsoft stated that the group’s operations compromised more than 250,000 servers in the U.S.

3. December 2021: Log4j exploitation by APT41

APT41, a Chinese hacker unit also allegedly affiliated with the MSS, exploited a vulnerability in the open-source Log4j logging software to infiltrate at least six U.S. government networks. By leveraging the flaw, the hackers created backdoors, mined cryptocurrency, and built botnets. Despite warnings about the vulnerability, the hack persisted for months.

4. December 2022: COVID-19 relief fund theft

During the novel coronavirus pandemic, around $280 billion in COVID-19 relief funding went to fraudulent claims, of which the Justice Department has so far recovered only $1.5 billion. Among the parties involved in the fraud was APT41, whose hackers siphoned off funds using the stolen Social Security numbers of deceased Americans and of people in prison or jail.

5. May 2023: Antique Typhoon spies on US government officials

The hacking group Antique Typhoon forged digital authentication tokens to access email accounts of 25 organizations, including U.S. government agencies. Targets included Commerce Secretary Gina Raimondo and members of Congress. The breach was used for espionage, exfiltrating sensitive data without disrupting systems.

6. August 2023: HiatusRAT and military procurement hacks

China-backed hackers deployed a remote access tool, HiatusRAT, to compromise U.S. and Taiwanese military procurement systems. The breach provided intelligence on defense contracts and arms shipments, furthering Beijing’s strategic interests in the Indo-Pacific region.

7. September 2023: BlackTech’s defense sector infiltration

The Chinese hacking group BlackTech targeted U.S. and Japanese companies in the defense sector by exploiting corporate subsidiaries. U.S. intelligence agencies stated that the group accessed major corporate networks, aiming to exfiltrate data on defense projects and technologies.

8. January 2024: Volt Typhoon’s sabotage preparations

Volt Typhoon, a hacking unit believed to be tasked with hampering U.S. military mobilization in the event of Chinese action against Taiwan, embedded malware in U.S. critical infrastructure, including water, energy, and transportation systems. Unlike espionage-focused attacks, this campaign sought to enable sabotage in case of conflict. U.S. officials revealed the malware had been present since at least 2021 and remained embedded in some privately owned systems.

9. November 2024: Salt Typhoon’s telecommunications breach

Salt Typhoon, affiliated with the MSS, compromised infrastructure at major telecommunications companies, including AT&T and Verizon, granting access to calls and texts across affected networks. Congressional leaders described the breach as “among the most significant in history,” citing its likely origins in 2022 and its targeting of high-profile individuals.

10. January 2025: Hacking the US Treasury Department

Chinese state-backed hackers infiltrated the Treasury Department’s networks via cybersecurity provider BeyondTrust. The breach targeted servers responsible for administering international sanctions and accessed accounts belonging to Treasury Secretary Janet Yellen. The scale of the data theft remains undisclosed.