Chinese cyber-spies use hacked routers in attacks against French organizations

Chinese cyber-spies use hacked routers in attacks against French organizations

The French national cyber-security agency (Agence Nationale de la Sécurité des Systèmes d'Information, ANSSI) has warned of an ongoing series of attacks against a large number of French organizations orchestrated by APT31 (aka Zirconium and Judgment Panda), a hacking group believed to have ties to the Chinese government.

“It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks,” the agency said.

According to ANSSI, the campaign started at the beginning of this year and is still ongoing. The agency shared a list of IoCs related to the attacks to help organizations assess possible compromises.

“Finding one of the IOCs in logs does not mean the entire system has been compromised and further analysis will be required,” the agency added.

Earlier this week, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said that Chinese state-backed hackers compromised at least 13 US gas pipeline operators in a spear-phishing and intrusion campaign conducted from December 2011 to 2013. The hackers made no attempts to modify the pipeline operations of systems they accessed, instead they appear to have been more interested on collecting SCADA-related information, personnel lists, credentials, and system manuals.


Back to the list

Latest Posts

Cyber Security Week in Review: July 4, 2025

Cyber Security Week in Review: July 4, 2025

In brief: Google patches Chrome 0Day, the US is on the hunt for North Korean IT workers, and more.
4 July 2025
AI chatbots fall for phishing scams

AI chatbots fall for phishing scams

The models provided the correct URL only 66% of the time; nearly 30% of responses pointed users to dead or suspended domains.
3 July 2025
Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025