A man works on a Marriott sign in front of the former Peabody Hotel in Little Rock, Arkansas. Credit: Danny Johnston | AP

A massive hack into hotel group Marriott International may have been an intelligence-gathering operation by China’s government, Reuters cited unidentified sources as saying.

Private investigators found hacking tools, techniques and procedures that featured in past attacks attributed to Chinese hackers, according to the report. But other parties have access to the same tools, meaning China can only be described as lead suspect, Reuters’ sources said.

“Our primary objectives in this investigation are figuring out what occurred and how we can best help our guests,” a Marriott spokesperson told Bloomberg News by email. “We have no information about the cause of this incident and we have not speculated about the identity of the attacker.”

Marriott is tallying the cost of one of the biggest corporate hacks in history, which exposed the personal data of some 500 million guests through a breach of its Starwood Hotels and Resorts reservation system from 2014. A Chinese connection might be less significant for the company than for the U.S. government, which is clashing with the rising super-power over technology and trade.

Identifying the culprit is even harder because investigators suspect multiple hacking groups may have simultaneously been inside Marriott computer networks since 2014, Reuters quoted one of the sources as saying.

The incident will seem less of a failure on Marriott’s part if the Chinese government turns out to be the perpetrator, James Lewis, director of the technology policy program at the Center for Strategic and International Studies, told Bloomberg News. “No corporation can take on a government and expect to win,” he said.

China foreign ministry spokesman Geng Shuang, speaking at a regular press briefing Thursday, said that while he wasn’t aware of the specific case, “I believe China firmly opposes and cracks down on all forms of hacking. We firmly oppose any groundless accusations on the issue of cyber security.”

The hotel group disclosed the attack last week.