A hacking group has compromised at least nine global organizations in the fields of technology, defense, energy, and other key sectors as part of an apparent espionage campaign, a U.S. cybersecurity group has claimed.

Cybersecurity firm Palo Alto Networks said in a report published Sunday that in the U.S. alone, hundreds of organizations were targeted by hackers as part of an espionage effort that took place between late September and early October.

The hacking group compromised “at least nine global entities across the technology, defense, healthcare, energy, and education industries,” it said.

“Through global telemetry, we believe that the actor targeted at least 370 Zoho [software] … in the United States alone,” Palo Alto Networks said in its report. “Given the scale, we assess that these scans were largely indiscriminate in nature as targets ranged from education to Department of Defense entities.”

The hacking group was able to compromise the entities by exploiting vulnerabilities in software used to manage network passwords, known as ManageEngine ADSelfService Plus, the post said.

“Ultimately, the actor was interested in stealing credentials, maintaining access, and gathering sensitive files from victim networks for exfiltration,” Palo Alto Networks noted.

The cybersecurity firm noted that while attribution is still ongoing, specific tools and methods used in the apparent hacking efforts are in line with those used by the Chinese cyber-espionage group Emissary Panda, also known as TG-3390, APT 27, and Bronze Union.

“Specifically, as documented by SecureWorks in an article on a previous TG-3390 operation, we can see that TG-3390 similarly used web exploitation and another popular Chinese webshell called ChinaChopper for their initial footholds before leveraging legitimate stolen credentials for lateral movement and attacks on a domain controller,” Palo Alto Networks explained in its report.