‘Most prevalent’ Chinese hacking group targets tech and law firms
Hackers dwell undiscovered in their victims’ networks for an average of more than a year, all the while stealing information about US national security and international trade, according to researchers.
Suspected Chinese hackers are behind an ongoing cyber-espionage campaign against US technology companies and legal firms, stealing national security secrets often while remaining undetected, according to Alphabet’s Google.
The hacking group, which Google tracks under the code name UNC5221, is “the most prevalent adversary in the US over the past several years” in terms of frequency, severity and complexity of incidents, said Mr Charles Carmakal, chief technology officer at Google Cloud’s Mandiant consulting arm.
The attackers are described as extraordinarily advanced and stealthy.
They dwell undiscovered in their victims’ networks for an average of more than a year, all the while stealing information about US national security and international trade, researchers said.
The same group is also targeting key European industries.
“We believe many organisations are compromised right now and don’t know it,” said Mr Austin Larsen, principal analyst at Google’s Threat Intelligence Group.
“It’s very active right now. The volume is high.”
Google did not specify the victims of the hacking campaign. Meanwhile, the Chinese Embassy in Washington did not return a request for comment.
The campaign is the latest evolution of escalating Chinese hacking against the US.
American officials have blamed other state-sponsored groups, known as Salt Typhoon and Volt Typhoon, for infiltrating US telecommunications firms and critical infrastructure systems, respectively.
The attackers’ goals are to gather intelligence and embed in key systems to prepare for a potential future conflict, security experts said.
The report also adds dimension to the ongoing US-China trade disputes, as Google’s investigation found the hackers targeted American legal firms and then searched the e-mails of specific individuals primarily to gather information about international trade, according to Mr Larsen.
The attackers also targeted major American technology developers by stealing source code for enterprise technologies and spying on the mailboxes of specific technical individuals.
Mr John Hultquist, chief analyst for the Google Threat Intelligence Group, said: “You get hold of this technology’s source code, and then you leverage that information to gain access or build exploits of that technology, which would then give you basically a skeleton key to that technology.” BLOOMBERG

