We’re starting to get a clearer picture of who authorities believe is responsible for the massive hack of the Marriott hotel chain in recent weeks that compromised the data of more than 500 million customers.

According to new reports from The New York Times and The Washington Post, the hackers are suspected to be affiliated with China’s Ministry of State Security. While authorities caution their findings are still inconclusive, they say the methods of the hackers, along with a variety of clues related to the hack, tend to suggest it was state-sponsored, which is yet another headache in the already fraught relations between the US and China. Both countries, you’ll recall, are still locked in the makings of a tariff-fueled trade war, and the CFO of leading Chinese tech company Huawei has been arrested in Canada ahead of possible extradition to the US.

Marriott itself, which operates more than 5,800 properties in countries around the world, claims to be the leading hotel provider for the US government and military, which China was no doubt aware of. In fact, that’s another clue this hack may be part of what authorities believe is a sprawling and complex intelligence-gathering operation out of China, details of which are only now coming into focus.

According to Business Insider, for example, the Trump administration plans to declassify US intelligence reports that reveal China’s efforts to build a database with the names of US government officials with security clearances. Reporting from Reuters also cites sources close to the Marriott investigation who speculate the hackers were probably trying to gather information to fuel Chinese spying efforts rather than for some sort of financial gain.

As we’ve noted, Marriott has said it first became aware that its systems had been breached on September 8th when an internal security tool flagged an attempt by someone trying to access the reservation database. After consulting with outside security experts, the hotel chain realized that someone had been accessing the database for the last four years and had been copying all sorts of sensitive information, like guest names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth and much more.