
SentinelOne discovered the campaign when they tried to hit the security vendor's own servers


An IT services company, a European media group, and a South Asian government entity are among the more than 75 companies where China-linked groups have planted malware to access strategic networks should a conflict break out.

SentinelLABS, the threat intel and research arm of security shop SentinelOne, uncovered these new clusters of malicious activity when the suspected Chinese spies tried to break into SentinelOne's own servers in October.

"We tend to prioritize China, and seeing them start to poke at our own products, our own infrastructure, that immediately raises the red flag for us," SentinelOne threat researcher Tom Hegel told The Register in a phone interview. While the attempted SentinelOne intrusion was unsuccessful, being the target of a Chinese reconnaissance campaign led the threat hunters into a deeper analysis of the broader campaign and malware used.

"We started to hunt for it globally, look at their infrastructure and identify ...


Copyright of this story solely belongs to theregister.co.uk.