Google says state-sponsored Chinese hackers are targeting Ukraine

Google says state-sponsored Chinese hackers are targeting Ukraine

According to Bleeping Computer, Google informed Ukraine earlier this week about a hacking threat from attackers employed by the Chinese government. TAG engineer Billy Leonard tweeted that the team had managed to identify government-backed actors based in China going after Ukrainian state organizations and sounded the alarm.

For years, state-funded hackers have been conducting conflicts online. With Russia’s continuous invasion of Ukraine, the cyber warfare front has heated up. While the fighters on the ground and in the air are now mostly from two nations, reports from Google’s Threat Analysis Group (TAG) indicate that there are additional actors engaging in cyberspace, including Chinese military hackers.


  • Bleeping Computer pointed out that these reports appear to have been confirmed by other groups focused on tracking and revealing the actions of Chinese hackers — and that while there was a clear switch in focus for some of the groups, there has been a broader onslaught of hacking efforts aimed at European targets in general. It’s jarring to learn that China’s PLA is involved in any action against Ukraine at all. For now, it may be that military cyber threats are essentially the equivalent of breaking and entering in an attempt to ferret out classified information. The People’s Liberation Army may just want to stay informed. Unfortunately, what the PLA really plans to do with any exfiltrated data remains an open and anxiety-inducing question.

  • The “CN PLA” Leonard refers to in the tweet is the Chinese People’s Liberation Army (PLA). In a tweet of his own, Shane Huntley, the head of TAG, confirmed the news, noting that Russia’s assault on Ukraine “isn’t only attracting interest from European threat actors. China is working hard here too.” Google had already warned of China-based hacking threats against Ukraine on March 7 in a TAG “update on the threat landscape.” In this case, it came from a group that calls itself Mustang Panda. Google noted that this was a shift in focus for these hackers, who reportedly tend to go after victims based in Southeast Asia.