Unknown intruders – likely China-linked spies – have broken into "numerous" enterprise networks since March and deployed backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days, according to Google Threat Intelligence.
In a paper published today, the threat hunters attribute these network intrusions to UNC5221 and other related suspected Chinese threat groups. UNC5221 has been abusing zero-days in buggy Ivanti gear since at least 2023.
Google notes that this UNC crew is separate from Silk Typhoon (aka Hafnium), believed to be behind the December break-in at the US Treasury Department.
UNC in Google's threat-group naming taxonomy stands for "Uncategorized," as opposed to FIN (financially m