Hello Readers,

China-Linked Hackers Deploy ‘BRICKSTORM’ Backdoor in New IP Theft Campaign

Chinese government-linked hackers are deploying a new backdoor called BRICKSTORM to penetrate organizations handling sensitive data, according to incident responders at Google’s Mandiant. The campaign, active since March 2025, has targeted law firms, SaaS providers, and technology companies with the objective of stealing intellectual property and executive-level communications.

Mandiant attributes the activity to UNC5221, a group previously accused of exploiting vulnerabilities in Ivanti firewall products. The hackers have demonstrated both persistence and adaptability — in some cases maintaining access to victim systems for over a year. The campaign notably bypasses enterprise defenses by implanting BRICKSTORM on Linux appliances such as VMware vCenter and ESXi hosts, which often lack endpoint detection and response (EDR) coverage.

The attackers leveraged Microsoft tools to access mailboxes of senior leaders, developers, and administrators, aligning their espionage priorities with China’s national security and economic interests. In one case, BRICKSTORM was deployed on a vCenter server even as incident response investigations were underway, underscoring the hackers’ ability to adapt in real time.

Mandiant warned that UNC5221’s tactics allow them to pivot into downstream customers of compromised SaaS providers, and potentially harvest vulnerabilities for future zero-day exploitation. Investigators also found evidence of an obfuscation network built on compromised small office/home office routers, suggesting a broader infrastructure underpinning the campaign.

While linked to previous Chinese state operations like Silk Typhoon and Volt Typhoon, Mandiant treats UNC5221 as distinct. Still, the group’s focus on law firms handling U.S. national security and trade issues points to a long-term intelligence mission — with implications that stretch well beyond standard corporate espionage.

Why it matters:

This campaign highlights the growing overlap between Chinese cyber operations, corporate intelligence, and national security objectives. By embedding backdoors on overlooked infrastructure and focusing on legal and SaaS ecosystems, UNC5221 is quietly positioning Beijing to extract both strategic intelligence and zero-day vulnerabilities for future operations.

Xi Urges Xinjiang to Maintain “Stability” Amid Sanctions Pressure

President Xi Jinping traveled to Urumqi this week for the 70th anniversary of Xinjiang’s designation as an autonomous region, marking the first visit by a Chinese leader to the region in decades. In a meeting with local cadres, Xi called for “every effort” to maintain social stability, urging officials to build a “people’s defense line against terrorism” and to promote what he described as a “correct view” of history, ethnicity, culture, and religion.

The visit comes after years of security crackdowns that targeted Uyghurs and other Turkic Muslim minorities, drawing global condemnation and U.S. sanctions. Washington has accused Beijing of forced labor and mass detentions, while Chinese officials insist that so-called “vocational centers” closed in 2019.

Xi also pressed Xinjiang leaders to offset the region’s economic strain from sanctions by developing industrial clusters, clean tech manufacturing, and cultural tourism. Earlier this year, the U.S. barred imports from 37 Chinese companies, including one of the world’s largest textile producers. Local officials recently acknowledged that the measures have fueled unemployment and disrupted exports.

Flanked by senior figures Wang Huning and Cai Qi, Xi said Xinjiang should play a “greater role” in China’s dual circulation strategy, aimed at reducing reliance on external markets while boosting domestic demand. State media showed crowds of Uyghurs welcoming him with flags and dances, underscoring Beijing’s push to project unity at a time when international scrutiny of Xinjiang remains intense.

China Drops WTO “Special Status” in Trade Talks

China has announced that it will no longer seek Special and Differential Treatment (SDT) in future World Trade Organization negotiations. This move means that Beijing is voluntarily giving up the trade privileges tied to its self-declared “developing country” status, although the classification itself will remain unchanged.

Premier Li Qiang framed the decision as a demonstration of China’s responsibility and commitment to the multilateral trading system. WTO Director-General Ngozi Okonjo-Iweala welcomed the announcement, describing it as a pivotal moment for trade reform.

The decision addresses a longstanding criticism from the United States and other advanced economies, which have argued that China should not continue to benefit from developing-country exemptions given its position as the world’s second-largest economy. By dropping SDT for future negotiations, Beijing is attempting to ease tensions and present itself as a leader in global trade governance.

Strategically, China’s move allows it to project goodwill while still preserving flexibility. Past SDT entitlements remain in place, and Beijing emphasized that it will retain its developing-country label within the WTO. This distinction signals that China can continue to align itself with developing nations, particularly in the Global South, while also positioning itself as a responsible stakeholder in global institutions.

The real test will be how China behaves in upcoming trade talks. Critics will watch closely to see whether Beijing follows through with meaningful concessions on market access and foreign competition. For now, China has sent a calculated signal that it is willing to adjust its trade posture to maintain legitimacy in an era of rising skepticism toward multilateralism.

TSMC Leans on AI to Break Chip Barriers

Nvidia’s top AI servers consume up to 1,200 watts each, highlighting the enormous energy demands driving semiconductor innovation. TSMC is pursuing new “chiplet” designs that package multiple components together, but advancing them requires AI-powered design tools.

Partners like Cadence and Synopsys have rolled out software that can outperform human engineers, solving tasks in minutes that would otherwise take days. TSMC says these tools help “max out” its technology as chip complexity increases.

Still, fundamental limits remain. Traditional electrical connections are reaching their capacity, pushing researchers toward optical links to move data more efficiently. As Meta’s Kaushik Veeraraghavan noted, “This is not just an engineering problem. It’s a fundamental physical problem.”

Reads

India Doesn’t Want to Need China — Brookings