22 July 2021

Chinese cyber-spies use hacked routers in attacks against French organizations

The French national cyber-security agency (Agence Nationale de la Sécurité des Systèmes d'Information, ANSSI) has warned of an ongoing series of attacks against a large number of French organizations orchestrated by APT31 (aka Zirconium and Judgment Panda), a hacking group believed to have ties to the Chinese government.

“It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks,” the agency said.

According to ANSSI, the campaign started at the beginning of this year and is still ongoing. The agency shared a list of IoCs related to the attacks to help organizations assess possible compromises.

“Finding one of the IOCs in logs does not mean the entire system has been compromised and further analysis will be required,” the agency added.
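The practical step the agency is describing is matching an indicator list against your own logs and then treating every hit as a lead rather than a verdict. The script below is an added example, not code from the article or from ANSSI: it loads a small, constructed IoC list (hypothetical addresses from the RFC 5737 documentation ranges, not the real published indicators), scans constructed web-server access-log lines for source addresses that match a listed host or CIDR range, and reports each hit with the indicator it matched and the request context an analyst would need for the follow-up the agency asks for.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Constructed indicator list (hypothetical RFC 5737 addresses), standing in for
# an IoC feed such as the one ANSSI published. These are NOT the real indicators.
IOC_TEXT = """
# ip-or-cidr        comment
203.0.113.17        relay-box-a
198.51.100.42       relay-box-b
192.0.2.0/28        relay-range-c
"""

# Constructed access-log lines in the common log format, including one
# unparseable line to show how malformed input is handled.
SAMPLE_LOG = """\
203.0.113.17 - - [12/Mar/2021:03:14:07 +0100] "GET /owa/ HTTP/1.1" 200 5120
10.0.0.25 - - [12/Mar/2021:03:14:09 +0100] "GET /index.html HTTP/1.1" 200 1043
192.0.2.9 - - [12/Mar/2021:03:15:31 +0100] "POST /login HTTP/1.1" 401 312
198.51.100.42 - - [13/Mar/2021:22:01:00 +0100] "GET /robots.txt HTTP/1.1" 404 198
garbage line that does not parse
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Hit:
    ip: str
    ts: str
    request: str
    status: int
    indicator: str  # the IoC entry (single host or network) that matched


def load_iocs(text: str) -> Tuple[Set[str], List[ipaddress.IPv4Network]]:
    """Parse 'ip-or-cidr  comment' lines into a set of hosts and a list of networks."""
    hosts: Set[str] = set()
    networks: List[ipaddress.IPv4Network] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        net = ipaddress.ip_network(line.split()[0], strict=False)
        if net.num_addresses == 1:
            hosts.add(str(net.network_address))  # exact-match fast path
        else:
            networks.append(net)
    return hosts, networks


def match_ip(ip: str, hosts: Set[str], networks) -> Optional[str]:
    """Return the indicator text that matches ip, or None."""
    if ip in hosts:
        return ip
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # not an address at all (hostname, junk)
    for net in networks:
        if addr in net:
            return str(net)
    return None


def scan(log_lines: Iterable[str], hosts, networks) -> List[Hit]:
    """Match each parseable log line's source address against the indicators."""
    hits: List[Hit] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, never counted as hits
        indicator = match_ip(m["ip"], hosts, networks)
        if indicator:
            hits.append(Hit(m["ip"], m["ts"], m["req"], int(m["status"]), indicator))
    return hits


def scan_text(log_text: str, ioc_text: str) -> List[Hit]:
    hosts, networks = load_iocs(ioc_text)
    return scan(log_text.splitlines(), hosts, networks)


if __name__ == "__main__":
    for h in scan_text(SAMPLE_LOG, IOC_TEXT):
        # A hit is a lead, not a confirmed compromise: relay boxes are
        # compromised home routers, so the same address can also carry
        # unrelated traffic. Pivot on the request, status and time window next.
        print(f"{h.ts}  {h.ip:<15} matched {h.indicator:<16} {h.status} {h.request}")
```

Against the constructed input the scan returns three hits (two exact hosts and one address inside the listed /28) and ignores the internal address and the malformed line. Each hit carries the request path, status and timestamp so that the required further analysis can start from the log context rather than from the bare address.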

Earlier this week, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said that Chinese state-backed hackers compromised at least 13 US gas pipeline operators in a spear-phishing and intrusion campaign that ran from December 2011 to 2013. The intruders made no attempt to modify the pipeline operations of the systems they accessed; they appear instead to have been interested in collecting SCADA-related information, personnel lists, credentials, and system manuals.
