How an Overseas Hacker Group Disrupted a Guangzhou Tech Company's Services

On the 20th, the Guangzhou Tianhe District Public Security Bureau announced that a local technology company's self‑service equipment backend was breached, with multiple malicious code files uploaded.

Police investigators quickly collected samples, preserved electronic evidence, and through technical analysis identified the incident as a coordinated cyber‑attack launched by an overseas hacker organization.

The attackers bypassed the company's network defenses, accessed the backend system, performed lateral movement to control several devices, and illegally uploaded attack programs, causing the official website and some business systems to be disrupted for several hours, resulting in significant losses and possible leakage of user privacy data. The company activated its emergency response plan, attempted system restoration, and reported the incident to authorities.

Authorities described the operation as a large‑scale, organized, pre‑meditated attack with clear signs of cyber‑warfare, not a typical individual hacker. Preliminary tracing showed the group habitually uses open‑source tools to scan critical sectors, identify weak points, infiltrate systems, steal or destroy data, and disrupt operations. Although the attackers' technical level appears modest, numerous network clues were left, which police are analyzing.

Police emphasized that the attack infringes on the company's legal rights and seriously threatens national cyberspace order and public interest, and that law‑enforcement will rigorously combat such illegal activities.