Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows

WIRED, 14-04-2025

Apr 14, 2025 6:00 AM

Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.

Animation: James Marshall

As China continues its digital gambit around the world, researchers are warning that hacking activity from long-tracked groups is evolving and blending together. On top of that, attackers are hiding their campaigns more effectively and blurring the lines between cybercriminals and state-backed hacking.
Last year, the United States federal government was rocked by revelations that the Chinese hacking group known as 'Salt Typhoon' had breached at least nine major US telecoms. The group's rampage even continued into this year in the US and other countries around the world. Meanwhile, the Beijing-linked hacking group 'Volt Typhoon' has continued to lurk in US critical infrastructure and utilities around the world. All the while, the notoriously versatile syndicate known as Brass Typhoon—also called APT 41 or Barium—has been operating in the shadows.
The group, which researchers have been tracking since about 2012, has quietly continued its broad targeting around the world over the past year. Brass Typhoon has cast a wide net, leading researchers to view it as a sort of broad coalition that has attacked everything from a US livestock app to source code and chip designs from Taiwan's semiconductor industry and even power grids. And over the last year, the group has compromised international institutions in the tech and automotive sectors, materials, shipping and logistics, media, and more, using new and refined malware in an array of sustained campaigns.
'They're absolutely still active and still evolving,' says John Hultquist, who leads threat intelligence at the Google-owned cybersecurity firm Mandiant. 'But it's harder to attribute some of this activity than it was in the past, because it's all part of a much bigger ecosystem of China's activity which has been deliberately built to create a tremendous amount of capability.'
Brass Typhoon is known for having carried out a notable string of software supply chain attacks in the late 2010s and for brazen attacks on telecoms around the same time in which the group specifically targeted call record data. The gang is also known for its hybrid activity, carrying out hacks that align with Chinese state-sponsored espionage by the Chinese Ministry of State Security, but also moonlighting on seemingly cybercriminal projects, particularly focused on the video game industry and in-game currency scams.
Research indicates that Brass Typhoon has continued to be active in recent months with financial crimes targeting online gambling platforms as well as espionage targeting manufacturing and energy firms. Its sustained activity has run in parallel to Salt and Volt Typhoon's recent, attention-grabbing campaigns, and analysis increasingly shows that China's state-backed hacking operations must be viewed comprehensively, not just in terms of individual actors.
'I think we should not get too down the rabbit hole of is it Salt? Is it Flax? Is it Volt?' former US Cybersecurity and Infrastructure Security Agency director Jen Easterly told WIRED during her last days in that role in January, referring to an array of Beijing-linked hacking groups. 'At the end of the day, China, as we've seen in assessments from the Intelligence Community, is the most formidable, persistent cyber threat that we are dealing with.'
Hultquist agrees, emphasizing that while tracking the activity of individual groups is still vital, it is increasingly important for defenders to factor in the advantages that state espionage and offensive hacking operations gain from broad collaboration.
'There was a time when there were very simple indicators that told us who each actor was, and they were operating incredibly loudly, so it was easy to spot the smash-and-grab nature of the activity,' he says. 'APT 41 is still doing some loud activity, but so much of its activity now has gotten better and they've made an effort to really avoid our controls.'
Ultimately, though, researchers say that the most significant takeaway about Brass Typhoon's current activity is that it continues apace.
