Most Prevalent Chinese Hacking Group Targets Tech, Law Firms
A cyberespionage campaign uncovered by Alphabet Inc.'s Google has revealed that a Chinese hacking group tracked as UNC5221 is behind attacks on US technology companies and law firms. The frequency, severity, and complexity of the group's incidents make it the "most prevalent adversary in the US over the past several years," according to Charles Carmakal, chief technology officer at Google Cloud's Mandiant consulting arm.
The attackers are described as extraordinarily advanced and stealthy, able to dwell undetected in their victims' networks for an average of more than a year while stealing sensitive information about US national security and international trade. This sophistication is what makes them so formidable, according to Austin Larsen, principal analyst at Google's Threat Intelligence Group.
"We believe many organizations are compromised right now and don't know it," said Larsen. "It's very active right now. The volume is high." Google did not specify the victims of the hacking campaign, but experts warn that this could be a widespread issue, with potentially thousands of organizations affected.
Officials at the Chinese Embassy in Washington have rejected the characterization of the hackers, stating that China "opposes and combats all forms of cyberattacks and cybercrimes." Liu Pengyu, a spokesperson for the embassy, said: "Tracing the source of cyberattacks is a complex technical issue. We hope that relevant parties will adopt a professional and responsible approach and base their characterization of cyber incidents on sufficient evidence, rather than groundless speculation and accusations."
The campaign is the latest evolution of escalating Chinese hacking against the US. American officials have blamed other state-sponsored groups known as Salt Typhoon and Volt Typhoon for infiltrating US telecommunications firms and critical infrastructure systems, respectively. However, Google's investigation suggests that UNC5221 may be a more significant threat, with its targets including major American technology developers and legal firms.
The attackers' goals are to gather intelligence and embed in key systems to prepare for a potential future conflict, security experts said. The report also adds dimension to the ongoing US-China trade disputes as Google's investigation found that the hackers targeted American legal firms and then searched the emails of specific individuals primarily to gather information about international trade.
"You get hold of this technology's source code and then you leverage that information to gain access or build exploits of that technology, which would then give you basically a skeleton key to that technology," said John Hultquist, chief analyst for the Google Threat Intelligence Group. The implications are severe, with US companies facing significant risks to their intellectual property and national security secrets.
This cyberespionage campaign highlights the ongoing threat posed by Chinese state-sponsored hackers to US businesses and organizations. As the stakes continue to rise, it is essential that US officials take a proactive approach to addressing this issue, including improving cybersecurity measures and strengthening international cooperation to combat cybercrime.