A large-scale cyber espionage campaign targeting at least 70 organisations in 37 countries, including Cyprus, has been uncovered by cybersecurity firm Palo Alto Networks, according to a report cited by Bloomberg.
The campaign, carried out over the course of a year, involved an Asia-based cyber espionage group that successfully infiltrated government systems and critical infrastructure networks across multiple regions, raising international concerns over information security. While Palo Alto Networks did not formally attribute the activity to a specific country, investigators said the evidence points towards China.
Targets included governments and law enforcement agencies
According to the company’s findings, the attackers breached networks belonging to 70 organisations, including five national law enforcement and border control agencies. The campaign also compromised three finance ministries, the parliament of one country and a senior elected official in another.
Researchers said the operation allowed hackers to collect sensitive information in what appeared to be a coordinated effort aligned with geopolitical developments such as diplomatic missions, trade negotiations, political unrest and military activity.
Access to emails and sensitive communications
Using their access, the attackers monitored email messages, financial transactions and communications related to military and police operations. They also obtained information linked to diplomatic affairs, remaining undetected within some systems for months at a time.
“They use highly targeted and tailored phishing messages and known but unpatched security vulnerabilities to gain access to these networks,” said Pete Renals, programme director for national security at Unit 42, the threat intelligence division of Palo Alto Networks. He said espionage appeared to be the primary motivation behind the attacks, with a focus on email systems and other sensitive data.
US authorities aware, intelligence agencies silent
The US Cybersecurity and Infrastructure Security Agency said it is aware of the operation and is working with partners to prevent hackers from exploiting the vulnerabilities identified in the report. Nick Andersen, deputy assistant director for cybersecurity at CISA, said mitigation efforts are under way.
Representatives of the FBI and CIA declined to comment, while the National Security Agency did not respond to a request for comment from Bloomberg.
Evidence of links to Chinese interests
Palo Alto Networks confirmed that the hacking group managed to steal sensitive data from some of the victims’ email systems. The company said it notified affected organisations and offered assistance, identifying some of them publicly in its report, an unusual step for a cybersecurity firm.
Investigators noted that several of the hackers’ actions coincided with issues and events of particular importance to the Chinese government.
One suspected breach occurred a day after the arrest of Venezuelan leader Nicolás Maduro by US military and law enforcement forces. From 4 January, hackers are believed to have compromised a device linked to a facility operated by Venezolana de Industria Tecnológica, a joint venture between the Venezuelan government and an Asian technology company. The organisation did not respond to requests for comment.
Activity followed sensitive diplomatic events
Another hacking campaign targeted government bodies in the Czech Republic. In July 2025, Czech President Petr Pavel met the Dalai Lama. In the weeks that followed, hackers conducted reconnaissance against Czech government institutions, including the military, police, parliament and foreign ministry.
A spokesperson for the Czech National Cyber and Information Security Authority said such reconnaissance activity is common and does not automatically mean systems were breached. China’s embassy in Prague has previously dismissed allegations of cyber attacks against the Czech Republic as unfounded.
Rare earths and global footprint
The hacking group also breached Brazil’s Ministry of Mines and Energy, which oversees significant rare earth reserves, according to the report. The ministry said it had not detected unusual traffic or suspicious attempts to compromise its systems.
The campaign is also suspected to have affected Germany, Poland, Greece, Italy, Cyprus, Indonesia, Malaysia, Mongolia, Panama and other countries.
China restricts use of US security products
According to a government directive seen by Bloomberg News, the Chinese government has recently barred domestic companies from using products made by Palo Alto Networks, as well as security technology from more than a dozen other US and Israeli suppliers.
The move has further fuelled suspicions that the cyber espionage activity aligns with broader Chinese strategic and security interests.