Unknown intruders - likely China-linked spies - have broken into "numerous" enterprise networks since March and deployed backdoors, providing access for their long-term IP and other sensitive data stealing missions, all the while remaining undetected on average for 393 days, according to Google Threat Intelligence. In a paper published today, the threat hunters attribute these network intrusions to UNC5221 and other related suspected Chinese threat groups. UNC5221 has been abusing zero-days in buggy Ivanti gear since at least 2023.