Google (US)
Threat actors publicly named in connection with targeting Google. Sorted by IDF score (rarity-weighted CVE attribution) with extraction confidence as tiebreaker. Each row's evidence is a verbatim quote from the source attribution.
3 attributed actor(s) ·
Category mix: insider=2, state=1 ·
Attacker regions: US=2, —=1
| Actor | Category | Sponsor | Confidence | Evidence | CVEs | IDF | Last active |
|---|---|---|---|---|---|---|---|
| Elderwood (G0066) | state | 🇨🇳 CN | 0.80 | 2009 Google intrusion known as Operation Aurora | 1 | 3.6 | 2026 |
| Linwei 'Leon' Ding (Google AI / TPU architecture) (INS-DING-GOOGLE-2024) | insider | 🇺🇸 US | 1.00 | Former Google software engineer convicted in January 2026 on seven counts of economic espionage and seven counts of theft of trade secrets | 0 | 0.0 | — |
| Anthony Levandowski (INS-LEVANDOWSKI-2017) | insider | 🇺🇸 US | 0.88 | engineer at Google's Waymo | 0 | 0.0 | — |
Sibling victims
Other named victims whose attacker circle overlaps with this one — defenders use this to find sectoral or geographic cohorts that face the same actors.
« All victims · All actors · Browse by sector · Recent breach notifications