The French national cyber-security agency (Agence Nationale de la Sécurité des Systèmes d'Information, ANSSI) has warned of an ongoing series of attacks against a large number of French organizations orchestrated by APT31 (aka Zirconium and Judgment Panda), a hacking group believed to have ties to the Chinese government.
“It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks,” the agency said.
According to ANSSI, the campaign started at the beginning of this year and is still ongoing. The agency shared a list of IoCs related to the attacks to help organizations assess possible compromises.
“Finding one of the IOCs in logs does not mean the entire system has been compromised and further analysis will be required,” the agency added.
Earlier this week, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said that Chinese state-backed hackers compromised at least 13 US gas pipeline operators in a spear-phishing and intrusion campaign conducted from December 2011 to 2013. The hackers made no attempts to modify the pipeline operations of systems they accessed, instead they appear to have been more interested on collecting SCADA-related information, personnel lists, credentials, and system manuals.