Major Chinese-Attributed Cyberattacks on Companies in 2025

As a professional cybersecurity controls assessor, I have reviewed available sources to identify the most significant cyberattacks attributed to Chinese state-linked actors in the past year (December 2024 to December 2025) that have notably impacted corporate cybersecurity. These incidents primarily involve espionage, data exfiltration, and disruption, often targeting critical infrastructure and private sector entities. Attribution to Chinese actors is based on reports from credible organizations such as the Center for Strategic and International Studies (CSIS), Microsoft, and U.S. government agencies. I prioritized incidents with broad effects on companies, focusing on public breaches, estimated resolution costs (where available), and preventive measures aligned with NIST SP 800-53 controls.

The most impactful incidents include the Salt Typhoon campaign (with ongoing revelations and effects into 2025) and the exploitation of Microsoft SharePoint vulnerabilities. These were selected due to their scale, affecting multiple companies across sectors like telecommunications and critical infrastructure, and their implications for broader cybersecurity postures. Note that exact costs are often not fully disclosed publicly, as they encompass investigation, remediation, legal fees, and lost productivity; where unspecified, I reference average U.S. data breach costs of approximately $10 million in 2025.

1. Salt Typhoon Campaign (Ongoing, with Key Revelations in 2025)

  • Breach Description: Chinese state-sponsored hackers, dubbed Salt Typhoon (also known as APT41 or related groups), infiltrated major U.S. telecommunications companies starting as early as 2022, with significant disclosures and ongoing impacts reported through 2025. The attackers exploited vulnerabilities in network infrastructure to gain persistent access, targeting systems used for lawful wiretaps and customer data. In July 2025, further details emerged about the breach’s scope, sending shockwaves through the industry. Affected companies included AT&T, Verizon, and Lumen Technologies, among others.
  • Impact on Cybersecurity: This breach compromised sensitive data potentially affecting nearly every U.S. resident, including high-profile individuals, enabling espionage and potential disruption of critical communications infrastructure. It highlighted vulnerabilities in supply chain and third-party access, eroding trust in telecom security and prompting widespread reviews of critical infrastructure defenses. The incident has led to heightened regulatory scrutiny and forced companies to overhaul access controls.
  • Cost of Overall Resolution: Specific resolution costs are not publicly detailed, but estimates for such large-scale telecom breaches often exceed hundreds of millions of dollars, including forensic investigations, system upgrades, and compliance measures. Broader cybercrime costs, including those from state-sponsored attacks, contribute to global annual damages projected at $10.5 trillion by 2025.

2. Exploitation of Microsoft SharePoint Vulnerabilities (July 2025)

  • Breach Description: Chinese state-linked actors exploited zero-day vulnerabilities in Microsoft’s SharePoint software, allowing unauthorized access and ransomware deployment. The attacks began as early as July 7, 2025, targeting on-premises servers. Microsoft issued patches, but the initial fixes were incomplete, leaving systems vulnerable. Impacted entities included global companies in sectors such as manufacturing, finance, and IT, as well as U.S. government agencies and universities. Over 90 state and local governments were also hit, and private sector breaches were widespread as well.
  • Impact on Cybersecurity: The breaches enabled data exfiltration, system compromise, and ransomware, disrupting operations and exposing sensitive information. This incident underscored the risks of unpatched enterprise software, leading to a reevaluation of vulnerability management practices across industries and increasing the adoption of zero-trust architectures.
  • Cost of Overall Resolution: No precise figures are available for individual companies, but the average cost per data breach in the U.S. reached $10 million in 2025, factoring in detection, response, and recovery efforts. For affected organizations, costs could escalate due to ransomware payments (if made) and regulatory fines.

Additional Notable Incident: Surge in Chinese Cyber Espionage (February 2025)

  • Breach Description: Reports indicated a 150% overall surge in Chinese cyber espionage operations in 2024-2025, with up to 300% increases targeting financial, media, manufacturing, and industrial sectors. Hackers deployed backdoors and used cloud services for command-and-control, affecting companies in Southeast Asia, Hong Kong, Taiwan, and beyond.
  • Impact on Cybersecurity: This led to intellectual property theft and operational disruptions, forcing companies to enhance threat detection and supply chain security.
  • Cost of Overall Resolution: Aggregate costs align with the $10 million average per breach, with global implications contributing to trillions in annual cyber damages.

Prevention of These Breaches

These incidents were largely preventable through robust implementation of cybersecurity controls. Chinese-attributed attacks often exploit known vulnerabilities, weak access controls, and insufficient monitoring. Below are key steps organizations should take, referenced to the relevant NIST SP 800-53 Revision 5 controls:

  • Vulnerability Management and Patching: Regularly scan for and apply patches to software like SharePoint and network devices. For Salt Typhoon and SharePoint exploits, timely updates could have mitigated risks (SI-2: Flaw Remediation; CM-3: Configuration Change Control).
  • Access Controls and Zero-Trust Architecture: Enforce least privilege and multi-factor authentication to limit lateral movement. This would prevent persistent access in espionage campaigns (AC-3: Access Enforcement; IA-2: Identification and Authentication).
  • Continuous Monitoring and Threat Detection: Deploy endpoint detection and response (EDR) tools to identify anomalous activity, such as backdoor implants (SI-4: System Monitoring; AU-6: Audit Record Review, Analysis, and Reporting).
  • Supply Chain Risk Management: Vet third-party vendors and monitor for compromises, especially in telecom and critical infrastructure (SR-3: Supply Chain Controls and Processes).
  • Incident Response Planning: Develop and test response plans to minimize resolution times and costs (IR-4: Incident Handling; IR-8: Incident Response Plan).
  • Employee Training and Awareness: Educate staff on phishing and social engineering, common initial access vectors (AT-2: Literacy Training and Awareness).
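The access-control and monitoring bullets above (AC-3 and SI-4/AU-6) describe the kind of review an audit-record analysis should perform, and the Salt Typhoon description mentions persistent access used to reach many internal systems. The following Python script is an added illustration, not code from the original article or from any vendor's EDR product. It runs two checks over a constructed authentication log: a sliding-window count of distinct hosts one account reaches in a short period (a common indicator of lateral movement), and a comparison of every successful logon against a least-privilege baseline of the hosts each account is expected to reach. The log lines, account names, host names, and the baseline are all synthetic values made up for the example; the log format and the thresholds are assumptions, and a real deployment would read these from the organization's SIEM or EDR export and its access-control review.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (synthetic; not taken from any real incident).
# Fields: ISO timestamp, account, source host, destination host, outcome.
SAMPLE_LOG = """\
2025-07-08T02:14:05Z svc_backup ws-017 fs-01 success
2025-07-08T02:14:11Z svc_backup ws-017 fs-02 success
2025-07-08T02:14:19Z svc_backup ws-017 db-03 success
2025-07-08T02:14:27Z svc_backup ws-017 dc-01 success
2025-07-08T02:14:40Z svc_backup ws-017 sp-01 success
2025-07-08T02:15:02Z svc_backup ws-017 mail-01 success
2025-07-08T09:02:11Z alice ws-004 fs-01 success
2025-07-08T09:30:45Z alice ws-004 sp-01 success
2025-07-08T10:12:00Z bob ws-009 fs-01 failure
2025-07-08T10:12:04Z bob ws-009 fs-01 success
2025-07-08T11:40:13Z bob ws-009 dc-01 success
"""

# Constructed least-privilege baseline: the destinations each account is expected to reach.
# In practice this comes from an access-control review (AC-3), not from hard-coded values.
BASELINE = {
    "svc_backup": {"fs-01", "fs-02"},
    "alice": {"fs-01", "sp-01"},
    "bob": {"fs-01"},
}


def parse_events(text):
    """Parse the whitespace-separated log format above into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, src, dst, outcome = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "account": account, "src": src, "dst": dst, "outcome": outcome,
        })
    events.sort(key=lambda e: e["time"])
    return events


def find_lateral_movement(events, window=timedelta(minutes=10), threshold=5):
    """Flag accounts that successfully reach >= threshold distinct hosts within any window.

    Returns {account: sorted destinations in the first offending window}. Failed logons are
    ignored here; a separate brute-force check would look at those.
    """
    by_account = defaultdict(list)
    for e in events:
        if e["outcome"] == "success":
            by_account[e["account"]].append(e)
    hits = {}
    for account, evs in by_account.items():
        for i, start in enumerate(evs):       # evs is already time-ordered
            seen = set()
            for e in evs[i:]:
                if e["time"] - start["time"] > window:
                    break
                seen.add(e["dst"])
            if len(seen) >= threshold:
                hits[account] = sorted(seen)
                break
    return hits


def find_baseline_violations(events, baseline):
    """Flag successful logons to hosts outside the account's least-privilege baseline."""
    violations = defaultdict(set)
    for e in events:
        if e["outcome"] != "success":
            continue
        if e["dst"] not in baseline.get(e["account"], set()):
            violations[e["account"]].add(e["dst"])
    return {account: sorted(dsts) for account, dsts in violations.items()}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("Possible lateral movement:", find_lateral_movement(evs))
    print("Out-of-baseline access:", find_baseline_violations(evs, BASELINE))
```

On the sample data the service account trips both checks (six distinct hosts in under a minute, four of them outside its baseline), while `bob` only trips the baseline check for a single domain controller logon; that difference is the point of running both, since a slow, low-volume use of stolen credentials can stay under a rate threshold but still fall outside what the account should be allowed to reach.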

Organizations should conduct regular risk assessments (RA-3: Risk Assessment) and align with frameworks like NIST to prioritize these controls. Implementing them proactively can significantly reduce the likelihood and impact of similar breaches. If your organization requires a tailored assessment, I recommend starting with a gap analysis against NIST SP 800-53.
