Chinese hackers targeting satellite and defense firms, researchers find
This story is being published by the South China Morning Post as part of a content partnership with POLITICO. It was reported by Tim Starks and originally appeared on politico.com on June 19, 2018.
Chinese hackers are waging a wide-ranging cyber espionage campaign against satellite operators, telecommunication companies and defense contractors in the U.S. and Southeast Asia, a cybersecurity company said Tuesday.
The firm Symantec said it first noticed the campaign in January, although it has been monitoring the hacking group it dubbed "Thrip" since 2013. This year, Symantec detected "powerful malware" in Asia that it believes the hackers deployed to carry out spying operations and potentially destructive attacks.
The news comes as tensions are rising between China and the U.S. over cybersecurity issues. Citing lawmakers' concerns that Beijing could use the firm's tech to carry out espionage operations in the U.S., senators voted Monday to reverse a Trump administration trade deal to save the Chinese telecom giant ZTE.
What's more, President Donald Trump has accused the Chinese government of not honoring an Obama administration deal with China that forbids cyber theft of intellectual property between the two nations.
Thrip's interest in targeting a satellite communications operator indicates it is interested in more than just stealing data, according to Symantec.
"The attack group seemed to be particularly interested in the operational side of the company, looking for and infecting computers running software that monitors and controls satellites," Symantec said in a blog post. "This suggests to us that Thrip’s motives go beyond spying and may also include disruption."
The sophisticated attack, which relied on custom malware as well as more commonly used hacker tools, originated from computers inside China, according to Symantec. Some of the malware the firm uncovered is designed to move around undetected in victims' networks to extract data and steal passwords.
"They operate very quietly, blending in to networks, and are only discovered using artificial intelligence that can identify and flag their movements," said Symantec CEO Greg Clark. "We stand ready to work with appropriate authorities to address this serious threat."