22 July 2021

Chinese cyber-spies use hacked routers in attacks against French organizations


Chinese cyber-spies use hacked routers in attacks against French organizations

The French national cyber-security agency (Agence Nationale de la Sécurité des Systèmes d'Information, ANSSI) has warned of an ongoing series of attacks against a large number of French organizations orchestrated by APT31 (aka Zirconium and Judgment Panda), a hacking group believed to have ties to the Chinese government.

“It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks,” the agency said.

According to ANSSI, the campaign started at the beginning of this year and is still ongoing. The agency shared a list of IoCs related to the attacks to help organizations assess possible compromises.

“Finding one of the IOCs in logs does not mean the entire system has been compromised and further analysis will be required,” the agency added.

Earlier this week, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said that Chinese state-backed hackers compromised at least 13 US gas pipeline operators in a spear-phishing and intrusion campaign conducted from December 2011 to 2013. The hackers made no attempts to modify the pipeline operations of systems they accessed, instead they appear to have been more interested on collecting SCADA-related information, personnel lists, credentials, and system manuals.


Back to the list

Latest Posts

Hackers exploited ancient Adobe ColdFusion bug to drop Cring ransomware

Hackers exploited ancient Adobe ColdFusion bug to drop Cring ransomware

The attackers made use of the vulnerabilities patched by Adobe more than ten years ago.
23 September 2021
Hackers are on the hunt for vulnerable VMware vCenter servers

Hackers are on the hunt for vulnerable VMware vCenter servers

Scans are based on the workaround provided by VMware to customers who could not immediately update their appliances.
23 September 2021
Another U.S. farm coop falls victim to ransomware

Another U.S. farm coop falls victim to ransomware

The incident marks the second ransomware attack in the last week targeting an agriculture cooperative.
23 September 2021