Google's threat intelligence team has identified a Chinese state-backed espionage group that has been operating undetected in global networks since at least 2023, according to a CyberScoop report. The group, tracked as UNC6508, has been observed dropping backdoors into critical infrastructure systems to intercept research and exfiltrate sensitive data.
The operation mirrors an alarming pattern of Beijing-linked cyber espionage campaigns targeting sectors with national security implications. While the full scope of victims remains unclear, the group's longevity suggests a high degree of stealth and operational security. No CVSS score was disclosed, but the extended dwell time indicates significant compromise.
Technical analysis reveals the group deploys custom backdoors that blend into legitimate network traffic, evading standard detection tools. Indicators of compromise include anomalous outbound connections to command-and-control infrastructure, though specific file hashes or IP addresses have not been made public to avoid tipping off adversaries.
Google has not yet released a comprehensive mitigation advisory, but organizations in critical infrastructure sectors are urged to audit network logs for signs of unauthorized access. The firm recommends implementing behavioral detection systems and restricting lateral movement within networks.
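The "anomalous outbound connections" indicator above and the recommendation to audit network logs with behavioral detection can be made concrete with a simple beaconing check: an internal host that contacts one external destination on a fixed cadence is worth an analyst's attention regardless of whether its address appears on any published indicator list. The Python below is an added example written for this page, not code from Google's report or from the CyberScoop article; the flow-log line format, the cadence thresholds, the internal address ranges and every sample record are constructed assumptions, and the RFC 5737 documentation addresses stand in for external hosts. It generalizes slightly beyond the text by also showing how an allowlist keeps a legitimately periodic monitoring agent from being flagged.

```python
"""Beaconing detector over constructed outbound flow records (added example)."""
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Hypothetical flow-log line format assumed throughout this example:
#   <ISO-8601 timestamp> src=<ip> dst=<ip> dport=<port> bytes=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)

# Address space treated as "inside" the organisation; only flows leaving it are candidates.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _flow_lines(src, dst, dport, start, offsets_s, size=500):
    """Build constructed log lines for one src->dst pair at the given second offsets."""
    return [
        f"{(start + timedelta(seconds=o)).strftime('%Y-%m-%dT%H:%M:%SZ')} "
        f"src={src} dst={dst} dport={dport} bytes={size}"
        for o in offsets_s
    ]


T0 = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE_LOGS = (
    # Constructed beacon: strict 30 s cadence to a documentation address standing in
    # for an external command-and-control host.
    _flow_lines("10.0.0.5", "203.0.113.10", 443, T0, range(0, 240, 30))
    # Constructed ordinary browsing: irregular timing, few events.
    + _flow_lines("10.0.0.9", "198.51.100.44", 443, T0, [0, 7, 95, 100, 400])
    # Constructed monitoring agent: regular cadence, but a known, allowlisted destination.
    + _flow_lines("10.0.0.7", "198.51.100.20", 443, T0, range(0, 360, 60))
    # Constructed internal DNS traffic: regular, but never leaves the network.
    + _flow_lines("10.0.0.7", "10.0.0.1", 53, T0, range(0, 300, 30))
)


def parse_flow(line):
    """Parse one log line into a dict; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {"ts": ts, "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "bytes": int(m["bytes"])}


def is_external(ip_text):
    """True when the address lies outside the assumed internal ranges."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)


def detect_beacons(lines, min_events=6, max_cv=0.2, allowlist=frozenset()):
    """Return findings for (src, dst, dport) tuples that contact an external host on a fixed cadence.

    cv is the coefficient of variation (population stdev / mean) of the gaps between
    successive connections; a value near zero means a machine-like, regular schedule.
    Thresholds are illustrative and should be tuned against real traffic.
    """
    groups = defaultdict(list)
    for line in lines:
        rec = parse_flow(line)
        if rec is None or not is_external(rec["dst"]) or rec["dst"] in allowlist:
            continue
        groups[(rec["src"], rec["dst"], rec["dport"])].append(rec["ts"])

    findings = []
    for (src, dst, dport), stamps in groups.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "dport": dport, "count": len(stamps),
                             "mean_interval_s": mean, "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for finding in detect_beacons(SAMPLE_LOGS, allowlist={"198.51.100.20"}):
        print(finding)
```

Run as-is, only the 10.0.0.5 host is reported; drop the allowlist and the monitoring agent is reported too, which is the usual source of false positives in cadence-based detection and the reason an asset inventory of expected periodic destinations belongs alongside the detector.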
Attribution points to Chinese state sponsorship, though Beijing has not commented. The disclosure adds to growing concerns over cyber espionage targeting research institutions and utilities, with no immediate diplomatic response reported.