If you used all of the computational power in existence it would take longer than the universe has existed to break AES 256. So you’re intuition is right that hackers aren’t brute-forcing this because it’s computationally intractable. But here’s the catch, you only get that level of security if you’re using a random 256 bit key. In reality every key is either:

1) Derived from something like a password, and nobody is using 256 bit passwords (not even close). A password with 256 bits of entropy would look like this “Aj29niP8B6z9rq2wPq51vxeJTbp4fDZaHevpnn1AZvl” imagine trying to memorize that. In reality 30 bits of entropy would be high for a password, which is very brute-forceable.

2) Computer generated random keys. These will have 256 bits of entropy (or close to it, at least) but you can’t just memorize these. You have to generate and then store them somewhere. Hackers will attack either the generation process (hack into the computer where the keys are being generated and snoop on the keys) or the storage (hack into the place that keys are being stored). If you encrypt the key storage, you haven’t “fixed” the problem, you’ve just moved the target. The hackers will just go after that key.