Today, the French national cyber-security agency warned of an ongoing series of attacks against a large number of French organizations, coordinated by the Chinese-backed APT31 hacking group. “It appears from our research that the attackers use a network of compromised home routers as operational relay boxes in order to carry out stealthy reconnaissance as well as the attacks,” ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) says in an alert bulletin issued today.
“As such, indicators of compromise (IOCs) are provided to help assess possible compromise (searches should start at the beginning of 2021) and to be used in analysis services.”
How Should Organizations Handle These Cyberspies?
Organizations that find any of the distributed IOCs in their logs, pointing to an attack likely connected to the ongoing APT31 campaign, are urged to report the incident to ANSSI by email.
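The bulletin's guidance amounts to a retrospective hunt: match the distributed IOCs against existing logs, but only from the beginning of 2021 onward. The following is an added example (not ANSSI's code or indicators) showing that hunt over web-server access logs; the IOC addresses, the sample log lines and the combined-format layout are constructed assumptions, and the real indicator list would come from the ANSSI bulletin.

```python
import re
from datetime import datetime, timezone

# Constructed placeholder indicators (RFC 5737 documentation addresses).
# These are NOT the ANSSI IOCs; load the bulletin's list here instead.
RELAY_IOCS = {"192.0.2.10", "198.51.100.7"}

# ANSSI advises that searches start at the beginning of 2021.
SEARCH_FROM = datetime(2021, 1, 1, tzinfo=timezone.utc)

# Apache/nginx "combined" format: client IP first, then the [timestamp] field.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

def parse_line(line):
    """Return (ip, timestamp, request) for a combined-format line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")

def find_ioc_hits(lines, iocs=RELAY_IOCS, since=SEARCH_FROM):
    """Return (ip, iso_timestamp, request) for entries whose client address
    is an indicator and whose timestamp is at or after the search floor."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip, do not abort the hunt
        ip, ts, req = parsed
        if ip in iocs and ts >= since:
            hits.append((ip, ts.isoformat(), req))
    return hits

# Constructed sample log: one pre-2021 entry from an indicator address (out of
# scope), two in-scope hits, one benign address, and one unparseable line.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Dec/2020:11:02:33 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [14/Jan/2021:03:17:45 +0000] "GET /admin/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [14/Jan/2021:03:18:02 +0000] "GET /index.html HTTP/1.1" 200 128 "-" "curl/7.68.0"',
    '198.51.100.7 - - [02/Mar/2021:22:41:09 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, ts, req in find_ioc_hits(SAMPLE_LOG):
        print(f"{ts} {ip} {req}")
```

Matches by source address only cover traffic that reached the relay directly; the same date-floor and indicator check applies equally to proxy, VPN and firewall logs.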
APT31 (also known as Zirconium and Judgment Panda) is a hacking group operating at the behest of the Chinese government, known for numerous espionage and data theft operations. The group has previously been linked to the theft and repurposing of the NSA's EpMe exploit, years before the Shadow Brokers publicly leaked it in April 2017.
Last year, Microsoft observed APT31 attacks targeting the international affairs community and high-profile individuals associated with the Joe Biden presidential campaign. APT31 was also spotted by Google targeting “campaign staffers’ personal emails with password phishing emails and emails containing tracking links.”
Chinese Cyberespionage Operations in the Limelight
These attacks come right after the US and its allies, including the European Union, the United Kingdom, and NATO, formally accused China of this year’s Microsoft Exchange hacking campaign. The cyberattacks took place in early 2021 and targeted more than a quarter of a million Microsoft Exchange servers belonging to tens of thousands of organizations across the world.
The Biden administration attributed the attacks “with a high degree of confidence that malicious cyber actors affiliated with PRC’s MSS conducted cyber espionage operations using the zero-day vulnerabilities in Microsoft Exchange Server revealed in early March 2021.” On the same day, the UK stated that the Chinese Ministry of State Security (MSS) is behind the Chinese state-backed groups tracked as APT40 and APT31.
The NSA, CISA, and FBI also issued a joint advisory detailing more than 50 tactics, techniques, and procedures (TTPs) that Chinese state-sponsored cyber actors have used in attacks against US and allied networks. Four Ministry of State Security intelligence officers believed to be part of the APT40 threat group were also charged on the same day by the Department of Justice over a multi-year campaign targeting governments and organizations in sensitive sectors across the world.