Chinese hackers singled out over two dozen universities in the US and around the world in an apparent bid to gain access to maritime military research, according to a report by cybersecurity firm iDefense, which was obtained by The Wall Street Journal.

The hackers sent universities spear phishing emails doctored to appear as if they came from partner universities, but the emails unleashed a malicious payload when opened. Universities are traditionally seen as easier targets than US military contractors, and they can still contain useful military research.

Twenty-seven universities were found to have been targeted by the group, including the Massachusetts Institute of Technology, the University of Washington, and other colleges in Canada and Southeast Asia. iDefense didn’t name every school in the report due to ongoing investigations, but anonymous sources told the WSJ that Penn State and Duke University were two of the other targets.

The cyberattacks focused on universities that either studied underwater tech or had faculty with relevant backgrounds. Many had ties to the US’s largest oceanographic research institute, which itself has ties to the US Navy’s warfare center. iDefense said it was highly confident the institute had been breached.

Ongoing attacks since 2017

The group has been given various nicknames by security researchers, like Temp.Periscope, Mudcarp, or Leviathan. Its connection to the Chinese government is unclear, but because the group appears to be targeting US military data, analysts believe the Chinese government is a likely sponsor. The same group was reportedly behind the hacking of a US Navy contractor last June.

The report of more Chinese cyberattacks comes at a diplomatically sensitive time when the US is weighing large security concerns against tech companies like Huawei and ZTE. Huawei and ZTE both deny the accusations. At the same time, there are still ongoing tariffs that are hurting US-China relations. More Chinese cyberattacks occurring over this time frame just complicate the narrative and could potentially reinforce the security fears expressed by US intelligence agencies.