
The Chinese hacking collective known as Brass Typhoon—also operating under the aliases APT 41 and Barium—has once again captured the attention of cybersecurity researchers. Though its name surfaces less frequently than that of groups like Volt Typhoon or Salt Typhoon, it is Brass Typhoon that stands behind a sweeping array of large-scale, technically sophisticated attacks spanning dozens of countries and industries. Experts emphasize that the group’s activity has not waned; on the contrary, it has become increasingly refined and clandestine.
Active since the early 2010s, Brass Typhoon has, in the past year, orchestrated a series of high-profile breaches across sectors such as telecommunications, energy, logistics, semiconductor manufacturing, and even online gambling platforms. Unlike its more publicly visible counterparts, Brass Typhoon operates in silence, favoring stealth over spectacle. Analysts note that its breadth of targets is so vast that it gives the impression not of a single group but of a coalition operating under a unified banner.
Recent campaigns include intrusions into livestock management applications, the theft of source code and chip schematics from Taiwanese manufacturers, and the compromise of firms involved in materials science, media, high-tech industries, and the automotive sector. In each of these operations, the group employed advanced malware and tailored its tools to the specific context—evidence of both technical sophistication and strategic adaptability.
Brass Typhoon rose to prominence in the late 2010s with audacious supply chain attacks and incursions into telecom providers, where the objective often included call data interception. Subsequent reports linked the group to China’s Ministry of State Security. Unlike conventional cyber-espionage units, however, Brass Typhoon has also engaged in cybercriminal ventures, including fraud within the video game industry and manipulation of in-game currencies—a hybrid approach that has become APT 41’s defining hallmark.
Analysts now find it increasingly difficult to track the group’s operations, largely due to the convergence of its activities with those of other Chinese threat actors. Salt Typhoon, which targets the U.S. telecom sector, and Volt Typhoon, which focuses on critical infrastructure, operate in a similar vein. Together, they form a seamless cyber-ecosystem, painstakingly constructed by China over years and now demonstrating exceptional coordination and effectiveness.
According to a former director of the U.S. Cybersecurity and Infrastructure Security Agency, it is becoming less relevant to view these groups as discrete entities. They are components of a larger apparatus—one that positions China as the most persistent and formidable cyber threat on the global stage. Groups like Brass Typhoon play a critical role in this expansive mechanism.
Mandiant has also remarked that the era of loud, easily traceable attacks is fading. Today’s threat actors favor subtlety, evading detection through precision and discretion. Though Brass Typhoon still conducts high-profile operations, it increasingly prioritizes stealth and evasion.
The overarching conclusion drawn by specialists is clear: Brass Typhoon has neither vanished nor retreated underground. It has evolved—mastering the art of disguise and continuing its calculated assaults on global industries. In an age where the boundaries between espionage and cybercrime are dissolving, such actors become especially dangerous—not because they strike loudly, but because they strike inevitably.