But two people briefed on the investigation, as well as security experts who have been tracking the Codoso hackers as they have targeted hundreds of victims around the world, said it would be premature to say what the hackers did and did not accomplish since they were discovered in August.

To start, the hackers were inside LoopPay’s network for five months before they were discovered. And the Codoso Group is known for maintaining a hidden foothold in its victims’ systems. Security experts say the group’s modus operandi is to plant hidden back doors across victims’ systems so that they continue to infiltrate their networks long after the initial breach.

In a multistage Codoso attack of Forbes in February, for example, the group infected the website of Forbes.com with malicious code that infected the site’s visitors. But that was just the start. From there, other members of the group used that foothold in visitors’ machines to search for valuable targets in the defense sector.

After a similar attack by another Chinese state-affiliated hacking group on the U.S. Chamber of Commerce in 2011, the chamber believed it had rid hackers from its network only to discover months later that an office printer and even a thermometer in one of its corporate apartments were still sending information back to computers in China.

Samsung introduced Samsung Pay in the United States just 38 days after LoopPay learned it had been breached. On average, it takes 46 days before an attack by hackers can be fully resolved, according to the Ponemon Institute, a nonprofit that tracks breaches. But the time to fix the damage is typically much longer in cases of sophisticated Chinese hackings like the one at LoopPay.

“Once Codoso compromises their targets — which range from dissidents to C-level executives in the U.S. — they tend to stay there for quite a long time, building out their access points so they can easily get back in,” said John Hultquist, the head of intelligence on cyberespionage at iSight Partners, a security firm. “They’ll come back to a previous organization of interest again and again.”

LoopPay hired two private forensics teams to investigate the breach on Aug. 21, just a month before it was set to bring Samsung Pay to the United States, according to Mr. Graylin. Both are still working the case.