Alphabet’s Google has identified a Chinese hacking group, tracked as UNC5221, as the primary culprit behind an extensive cyber-espionage campaign targeting US technology companies and legal firms. The attackers are suspected of stealing national security secrets while often remaining undetected within compromised networks. Google’s Mandiant consulting arm describes UNC5221 as the “most prevalent adversary in the US over the past several years,” considering the frequency, severity, and sophistication of their attacks.
Researchers say the group is exceptionally advanced and stealthy, dwelling undetected in victims’ networks for more than a year on average. During this time, they exfiltrate information pertaining to US national security and international trade. Google, a multinational technology company focused on search engine technology, online advertising, cloud computing, software, and hardware, did not disclose the identities of the victimized companies. Google’s Threat Intelligence Group believes numerous organisations are currently compromised without their knowledge, with principal analyst Austin Larsen noting the high activity volume.
The hacking group is also reportedly targeting key industries in Europe. The ongoing campaign highlights the increasing sophistication and persistence of state-sponsored cyber threats aimed at pilfering sensitive information from Western entities.
In response to the allegations, officials at the Chinese Embassy in Washington rejected the characterisation of the hackers, stating that China opposes all forms of cyberattacks and cybercrimes. A spokesperson for the embassy, Liu Pengyu, emphasised the complexity of tracing cyberattack origins and urged relevant parties to base their characterisations on sufficient evidence rather than speculation and accusations.
