Gigglesnort. I'm well aware of brute forcing and dictionary attacks. What, did you finish reading Playskool's My First Cyber Security Book or something? Providing network security consulting for commercial companies is what I occasionally still do for a living, when I feel like working, what being semi-retired and all.
The Chinese privateers don't use these sorts of techniques. They have much, much better luck with phishing attacks and making people click on links they wouldn't otherwise be inclined to click on which contain payloads that hide out on networks, often undetected for months. You should read the paper by Mandiant on the Chinese Advanced Persistent Threat, you might learn something. And they don't bother with these sorts of script kiddie activities like stealing encrypted passwords, there's not the pay off there once was.
Besides, you do know that "IP addresses and domains" are generally the easiest things to get about a target from afar, yes? Pretty damn close to public information, like a street address.
And from your article:
This looks like he showed the SCMP IP addresses that are Chinese assets which were under attack by the NSA.
Reading comprehension -- not so much, eh?