{"id":186833,"date":"2026-02-12T13:03:00","date_gmt":"2026-02-12T18:03:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/12\/exclusive-palo-alto-chose-not-to-tie-china-to-hacking-campaign-for-fear-of-retaliation-from-beijing-sources-say\/"},"modified":"2026-02-12T15:35:08","modified_gmt":"2026-02-12T20:35:08","slug":"exclusive-palo-alto-chose-not-to-tie-china-to-hacking-campaign-for-fear-of-retaliation-from-beijing-sources-say","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/12\/exclusive-palo-alto-chose-not-to-tie-china-to-hacking-campaign-for-fear-of-retaliation-from-beijing-sources-say\/","title":{"rendered":"Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say"},"content":{"rendered":"

Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say<\/a><\/p>\n

https:\/\/www.reuters.com\/world\/china\/palo-alto-chose-not-tie-china-hacking-campaign-fear-retaliation-beijing-sources-2026-02-12\/<\/a><\/p>\n

Publish Date: 2026-02-12 13:03:00<\/a><\/p>\n

Source Domain: www.reuters.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. The company instead blamed a \u201cstate-aligned group that operates out of Asia\u201dSources say the company watered down the report for fear of retaliation from BeijingCybersecurity firms face risks when attributing state-sponsored cyberespionage, expert saysWASHINGTON, Feb 12 (Reuters) – Palo Alto Networks (PANW.O), opens new tab opted not to tie China to a global cyberespionage campaign the firm exposed last week over concerns that the cybersecurity company or its clients could face retaliation from Beijing, according to two people familiar with the matter.The sources said that Palo Alto\u2019s findings that China was tied to the sprawling hacking spree were dialed back following last month\u2019s news, first reported by Reuters, that Palo Alto was one of about 15 U.S. and Israeli cybersecurity companies whose software had been banned by Chinese authorities on national security grounds. Sign up here.A draft version of the report by Palo Alto\u2019s Unit 42, the company\u2019s threat intelligence arm, said that the prolific hackers – dubbed \u201cTGR-STA-1030\u201d in a report published on Thursday of last week – were connected to Beijing, the two people said. The finished report instead described the hacking group more vaguely as a \u201cstate-aligned group that operates out of Asia.\u201dAttributing sophisticated hacks is notoriously difficult and debates over how best to assign blame for digital intrusions are common among cybersecurity researchers. But Palo Alto has attributed hacks to China in the past, including as recently as this past September, opens new tab, and the sources told Reuters that Unit 42\u2019s researchers were confident, based on a wealth of forensic clues, that the newly uncovered hacking campaign was tied to China too.The change, the sources said, was ordered by Palo Alto executives because they were concerned by the software ban and feared drawing retaliation from Chinese authorities, either against the company\u2019s personnel in China or its clients elsewhere.The sources did not identify which executives made the decision to soften the report\u2019s conclusions or provide the precise language that had been in the report ahead of the change. They spoke on condition of anonymity as they were not authorized to discuss the matter.Asked to comment on the allegedly softened language, Palo Alto issued a statement to Reuters that said in part: \u201cAttribution is irrelevant.\u201dPalo Alto’s vice president of global communications, Nicole Hockin, said in subsequent emails to Reuters that the statement was meant to communicate that the lack of attribution in Palo Alto’s report was not correlated with “procurement regulations in China” and that any suggestion otherwise was “speculative and false.” She said the choice of language in Palo Alto’s report reflected “how to best inform and protect governments about this widespread campaign.”The Chinese Embassy in Washington said it opposes \u201call forms of cyberattacks.\u201d It added that attributing hacks was \u201ca complex technical issue\u201d and that it hoped \u201crelevant parties will adopt a professional and responsible attitude, basing their characterization of cyber incidents on sufficient evidence, rather than unfounded speculation and accusations.\u201d\u2018THE SHADOW CAMPAIGNS\u2019Palo Alto first detected the hacking group TGR-STA-1030 in early 2025, according to the report, opens new tab. In a wide-ranging effort that Palo Alto dubbed \u201cThe Shadow Campaigns,\u201d the spies allegedly conducted reconnaissance against nearly every country in the world and successfully broke into government and critical infrastructure organizations in 37 countries.Although China was not mentioned by name, close readers of Palo Alto\u2019s report might still come away with the impression that Beijing was involved. For example, the researchers noted that the hackers\u2019 activity aligned with the GMT+8 time zone, which includes China, and that the hackers appeared to focus on Czechia\u2019s government infrastructure following an August meeting between Czechia\u2019s president and the Dalai Lama, Tibet’s spiritual leader whom Beijing has long regarded as a thorn in its side. The report also noted that the hackers targeted Thailand on November 5 ahead of a diplomatic \u201cvisit.\u201d The details of the trip were not provided in the report, but the following week marked a reigning Thai king\u2019s first state visit to Beijing.Outside researchers who reviewed Palo Alto\u2019s report said they had seen similar activity that they attributed to Chinese state-sponsored espionage operations.\u201cOur assessment is that this is part of a broader pattern of global campaigns linked to China that seek intelligence and persistent internal access to organizations of interest to\u201d Beijing, said Tom Hegel, a senior threat researcher with SentinelOne.Palo Alto says on its website that it has five offices in China, including locations in Beijing, Shanghai and Guangzhou. The professional networking site LinkedIn lists more than 70 self-identified Palo Alto employees across China, including engineers and account managers.One academic said the incident illustrates the trade-offs cybersecurity companies \u2013 especially ones with global footprints \u2013 often face when they consider whether to call out state-sponsored cyberespionage campaigns. On the one hand, exposing foreign spies can draw industry plaudits and positive publicity. On the other hand, tangling with a foreign intelligence service can trigger reprisals.\u201cPeople have always taken risks by naming names,\u201d said Thomas Rid, a professor at Johns Hopkins University who has studied the history of cyber attribution. \u201cIt was always unpleasant and if you have people on the ground, like large companies do, that\u2019s an additional consideration. Are you putting your own people – your local staff – at risk?\u201dReporting by Raphael Satter in Washington and AJ Vicens in Detroit; Editing by Chris Sanders and Matthew LewisOur Standards: The Thomson Reuters Trust Principles., opens new tabPurchase Licensing RightsReporter covering cybersecurity, surveillance, and disinformation for Reuters. Work has included investigations into state-sponsored espionage, deepfake-driven propaganda, and mercenary hacking.Cybersecurity correspondent covering cybercrime, nation-state threats, hacks, leaks and intelligence
<\/p>\n","protected":false},"excerpt":{"rendered":"

Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation…<\/p>\n","protected":false},"author":1,"featured_media":186834,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reuters.com\/resizer\/v2\/2BMUTGB6URKGHFL7TMOMVP34ZA.jpg?auth=75f6200f378d293596a5aaea259325e561606e5c37ca03e54b351ac89d495a7d&height=1005&width=1920&quality=80&smart=true","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-186833","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/186833"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=186833"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/186833\/revisions"}],"predecessor-version":[{"id":186835,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/186833\/revisions\/186835"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/186834"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=186833"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=186833"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=186833"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}