3 April 2024

Chinese hackers exploited Swedes' routers to launch cyberattacks


The state-backed Chinese hacker group APT31 has used routers belonging to Swedish citizens as part of cyberattacks against a range of countries, Säpo (Swedish Security Service) revealed.

According to Säpo's press spokesperson Fredrik Hultgren-Friberg, APT31 conducted extensive cyberattacks during 2020 and 2021 against several countries in Europe.

“These attacks were carried out, among other things, from hacked routers belonging to private individuals in Sweden,” Fredrik Hultgren-Friberg told SVT News. He noted that the routers were used to build up an infrastructure network for the group's cyber operations.

In Europe, members of the Inter-Parliamentary Alliance on China (IPAC) have been targeted. IPAC gathers politicians working on how democratic countries should respond to China. Among the members are Swedish politicians Elisabet Lann (Christian Democrats), municipal councilor in the city of Gothenburg, and Member of Parliament Joar Forssell (Liberal Party).

Last month, the US authorities charged seven alleged members of APT31 (aka Zirconium and Judgment Panda) for their involvement in a long-standing cyber espionage campaign targeting individuals and entities both within and outside the United States.

Since at least 2010, the defendants and their associates have targeted a wide range of individuals and organizations, including political dissidents, government officials, political candidates, campaign personnel, and American companies. Their tactics involved sophisticated hacking techniques, including zero-day exploits, which allowed them to gain and maintain access to victim computer networks.

Additionally, the Police of Finland (Poliisi) has formally accused APT31 of orchestrating a cyber attack targeting the country's Parliament in 2020.
