Suspected Chinese hackers are conducting a stealthy cyberespionage campaign against US technology companies and legal firms, according to Google. The group, tracked under the code name UNC5221, has been described as the most dangerous adversary in recent years due to the frequency, severity, and complexity of its attacks.
Charles Carmakal, Chief Technology Officer at Google Cloud’s Mandiant, said the hackers remain hidden inside networks for more than a year on average, quietly stealing sensitive data on US national security and international trade. Researchers also warned that the group is targeting major European industries.
Austin Larsen, principal analyst at Google’s Threat Intelligence Group, stated:
“We believe many organizations are compromised right now and don’t know it. The volume is high.”
The Chinese Embassy in Washington denied the accusations, stressing that Beijing opposes all forms of cyberattacks. Spokesperson Liu Pengyu called the attribution “groundless speculation,” arguing that tracing cyberattacks is a highly complex process.
The findings add to escalating tensions in the US-China trade dispute and follow previous accusations against other Chinese state-sponsored groups, such as Salt Typhoon and Volt Typhoon. These groups have been blamed for infiltrating US telecommunications and critical infrastructure.
Security experts warn that the hackers’ objectives go beyond intelligence gathering—they may be embedding themselves within critical systems in preparation for a future conflict.
Google’s investigation revealed that the hackers specifically targeted American legal firms to access sensitive emails related to international trade negotiations. They also infiltrated major US technology developers, stealing source code for enterprise technologies.
John Hultquist, Chief Analyst at Google’s Threat Intelligence Group, explained the risk:
“If you gain access to a technology’s source code, you can build exploits that act like a skeleton key, unlocking systems worldwide.”
The campaign is considered one of the most sophisticated cyber threats currently facing the United States and its allies.