PRC state-sponsored intrusion set publicly attributed by the U.S. DOJ to the Ministry of State Security's Tianjin State Security Bureau, operating through Huaying Haitai. Best known for the Cloud Hop…
PRC state-affiliated intrusion set publicly attributed by the U.S. DOJ to the Guangzhou-based front company Boyusec (Guangzhou Bo Yu Information Technology), working in concert with the Ministry of S…
PRC state-sponsored intrusion set publicly attributed to the Ministry of State Security's Hubei State Security Department, operating through the front company Wuhan Xiaoruizhi Science and Technology…
Chinese state-sponsored cyberespionage actor publicly attributed to the Ministry of State Security (MSS) Hainan State Security Department. Targets maritime industries, defense, government, and resear…
Chinese state-affiliated group notable for blending espionage with financially-motivated operations (game-industry currency theft, cryptocurrency). Implicated in multiple software supply-chain compro…
Chinese state-sponsored intrusion set assessed to operate on behalf of the Ministry of State Security (MSS). Best known for the OPM breach (discovered May 2014, exfiltration through April 2015) — the…
Chinese cyberespionage intrusion set publicly attributed to a Beijing-based group and best known for Operation Aurora — a mid-2009 to January 2010 campaign against Google, Adobe, Juniper Networks, an…
PRC state-affiliated intrusion set operating through Integrity Technology Group — a Beijing-based, publicly-traded cybersecurity contractor sanctioned by the U.S. Treasury OFAC in January 2025. Speci…
PRC state-sponsored intrusion set tracked by Anthropic under the internal designation GTG-1002, publicly disclosed in Anthropic's November 2025 threat-intelligence report as the actor behind the **fi…
PRC state-sponsored intrusion set named by Microsoft for the January 2021 mass exploitation of on-prem Exchange Server via the ProxyLogon chain (CVE-2021-26855 / -26857 / -26858 / -27065). Hafnium op…
PRC state-aligned intrusion set focused on espionage against European government and NGO targets, Southeast Asian government and military targets (especially around the South China Sea), Mongolia, Ta…
PRC state-sponsored intrusion set publicly attributed by ThreatConnect and Defense Group Inc. to the People's Liberation Army Unit 78020 (Chengdu Military Region Second Technical Reconnaissance Burea…
PLA 54th Research Institute (Strategic Support Force Unit 54466) members indicted by the U.S. DOJ on 10 February 2020 for the Equifax data breach of May–July 2017. Four military personnel — Wu Zhiyon…
PRC state-backed actor responsible for the 2024 intrusions into U.S. commercial telecommunications providers — among the most consequential telecom-targeted operations on the public record. Operates…
PRC state-coordinated influence operation publicly attributed by Meta and Microsoft as the largest known covert online influence operation, with infrastructure and behavioural overlap with the Chines…
PRC-attributed intrusion set identified by Microsoft in July 2023 after it forged authentication tokens using a stolen Microsoft MSA consumer signing key, enabling access to the Exchange Online mailb…
PRC state-sponsored actor focused on pre-positioning in U.S. critical infrastructure (communications, energy, transportation, water). Heavy use of living-off-the-land techniques and small-office/home…