Suspected Chinese hackers are behind an ongoing cyberespionage campaign against US technology companies and legal firms, stealing national security secrets often while remaining undetected, according to Alphabet Inc.’s Google.
The hacking group, which Google tracks under the code name UNC5221, are “the most prevalent adversary in the US over the past several years” in terms of frequency, severity and complexity of incidents, said Charles Carmakal, chief technology officer at Google Cloud’s Mandiant consulting arm.
The attackers are described as extraordinarily advanced and stealthy. They dwell undiscovered in their victims’ networks for an average of more than a year, all the while stealing information about US national security and international trade, researchers said. The same group is also targeting key European industries.
“We believe many organizations are compromised right now and don’t know it,” said Austin Larsen, principal analyst at Google’s Threat Intelligence Group. “It’s very active right now. The volume is high.”
Google didn’t specify the victims of the hacking campaign.
Officials at the Chinese Embassy in Washington rejected the characterization of the hackers and said China “opposes and combats all forms of cyberattacks and cybercrimes.”
“Tracing the source of cyberattacks is a complex technical issue,” Liu Pengyu, a spokesperson for the embassy, said in a statement. “We hope that relevant parties will adopt a professional and responsible approach and base their characterization of cyber incidents on sufficient evidence, rather than groundless speculation and accusations.”
The campaign is the latest evolution of escalating Chinese hacking against the US. American officials have blamed other state-sponsored groups known as Salt Typhoon and Volt Typhoon for infiltrating US telecommunications firms and critical infrastructure systems, respectively. The attackers’ goals are to gather intelligence and embed in key systems to prepare for a potential future conflict, security experts said.
The report also adds dimension to the ongoing US-China trade disputes as Google’s investigation found the hackers targeted American legal firms and then searched the emails of specific individuals primarily to gather information about international trade, according to Larsen.
The attackers also targeted major American technology developers by stealing source code for enterprise technologies as well as spying on the mailboxes of specific technical individuals.
“You get hold of this technology’s source code and then you leverage that information to gain access or build exploits of that technology which would then give you basically a skeleton key to that technology,” said John Hultquist, chief analyst for the Google Threat Intelligence Group.




































