Beijing's hackers are attacking Americans at multiple key points
Defence affairs analysis
Chinese hackers are targeting more sensitive U.S. targets than ever — not to smash and grab, but to bide their time.
Why it matters: Beijing is investing in stealthy, persistent access to U.S. systems — quietly building up its abilities to disrupt everything from federal agencies to water utilities in the event of escalation with Washington.
Even the most routine spying campaign could leave China with backdoors to destruction for years to come.
Driving the news: At least three China-based hacking groups exploited vulnerable SharePoint servers in the last month, according to Microsoft.
Researchers at Eye Security, which first discovered the SharePoint flaws, estimate that more than 400 systems were compromised as part of the SharePoint attacks.
In this case, hackers also stole machine keys. That means the attackers can regain access whenever they want — even after the system is patched — unless admins take rare manual steps to rotate keys.
The big picture: China's state-linked hackers have been growing in sophistication over the last few years as they focus more on targeting technology and software providers with hundreds of customers, often including government agencies.
By the numbers: More than 330 cyberattacks last year were linked to China, double the total from 2023, according to CrowdStrike data shared with the Washington Post.
Those numbers continued to climb in early 2025, according to CrowdStrike.
Between the lines: At least three major Chinese government teams have been targeting U.S. networks in recent years.
Volt Typhoon has focused on breaking into endpoint detection tools to burrow deep into U.S. critical infrastructure, including pipelines, railways, ports and water utilities. Their goal is to maintain persistent access and be prepared to launch destructive attacks in the event of contingencies such as a war over Taiwan, experts say.
Salt Typhoon, known for its compromises of global telecom networks, has focused on traditional espionage and spying. This group tapped cell phones belonging to President Trump, Vice President Vance and other top government officials. The FBI believes that threat is now "largely contained."
Silk Typhoon — which has been linked to a recent breach of the U.S. Treasury Department and is known for the global 2021 Microsoft Exchange hacks — has been ramping up its work in recent months. The group uses previously undetected vulnerabilities, known as zero-days, to break into networks.