Chinese hackers targeting satellite and defense firms, researchers find
Symantec said it first noticed the campaign in January, although it has been monitoring the hacking group it dubbed "Thrip" since 2013.
This story is being published by the South China Morning Post as part of a content partnership with POLITICO. It was reported by Tim Starks and originally appeared on politico.com on June 19, 2018.
The firm Symantec said it first noticed the campaign in January, although it has been monitoring the hacking group it dubbed "Thrip" since 2013. This year, Symantec detected "powerful malware" in Asia that it believes the hackers deployed to carry out spying operations and potentially destructive attacks.
What's more, President Donald Trump has accused the Chinese government of not honoring an Obama administration deal with China that forbids cyber theft of intellectual property between the two nations.
Thrip's interest in targeting a satellite communications operator indicates it is interested in more than just stealing data, according to Symantec.
"The attack group seemed to be particularly interested in the operational side of the company, looking for and infecting computers running software that monitors and controls satellites," Symantec said in a blog post. "This suggests to us that Thrip’s motives go beyond spying and may also include disruption."
The sophisticated attack, which relied on custom malware as well as more commonly used hacker tools, originated from computers inside China, according to Symantec. Some of the malware the firm uncovered is designed to move around undetected in victims' networks to extract data and steal passwords.
"They operate very quietly, blending in to networks, and are only discovered using artificial intelligence that can identify and flag their movements," said Symantec CEO Greg Clark. "We stand ready to work with appropriate authorities to address this serious threat."