Suspected Chinese hackers are behind an ongoing cyberespionage campaign against US technology companies and legal firms, stealing national security secrets often while remaining undetected, according to Alphabet Inc.’s Google.
The hacking group, which Google tracks under the code name UNC5221, are “the most prevalent adversary in the US over the past several years” in terms of frequency, severity and complexity of incidents, said Charles Carmakal, chief technology officer at Google Cloud’s Mandiant consulting arm.
The attackers are described as extraordinarily advanced and stealthy. They dwell undiscovered in their victims’ networks for an average of more than a year, all the while stealing information about US national security and international trade, researchers said. The same group is also targeting key European industries.
“We believe many organizations are compromised right now and don’t know it,” said Austin Larsen, principal analyst at Google’s Threat Intelligence Group. “It’s very active right now. The volume is high.”
Google didn’t specify the victims of the hacking campaign.
Officials at the Chinese Embassy in Washington rejected the characterization of the hackers and said China “opposes and combats all forms of cyberattacks and cybercrimes.”
“Tracing the source of cyberattacks is a complex technical issue,” Liu Pengyu, a spokesperson for the embassy, said in a statement. “We hope that relevant parties will adopt a professional and responsible approach and base their characterization of cyber incidents on sufficient evidence, rather than groundless speculation and accusations.”
The campaign is the latest evolution of escalating Chinese hacking against the US. American officials have blamed other state-sponsored groups known as Salt Typhoon and Volt Typhoon for infiltrating US telecommunications firms and critical infrastructure systems, respectively. The attackers’ goals are to gather intelligence and embed in key systems to prepare for a potential future conflict, security experts said.
The report also adds dimension to the ongoing US-China trade disputes as Google’s investigation found the hackers targeted American legal firms and then searched the emails of specific individuals primarily to gather information about international trade, according to Larsen.
The attackers also targeted major American technology developers by stealing source code for enterprise technologies as well as spying on the mailboxes of specific technical individuals.
“You get hold of this technology’s source code and then you leverage that information to gain access or build exploits of that technology which would then give you basically a skeleton key to that technology,” said John Hultquist, chief analyst for the Google Threat Intelligence Group.
Photo: Photographer: Luke MacGregor/Bloomberg
Copyright 2025 Bloomberg.
Topics
Cyber
InsurTech
Tech
China
Interested in Cyber?
Get automatic alerts for this topic.