
Chinese Hacking Group Hits Defense and Telecom Companies in ‘Likely Espionage,’ Says Cyber Firm

A group called Thrip, based in mainland China, has allegedly been caught infiltrating “satellite communications, telecoms, geospatial imaging, and defense organizations in the United States and Southeast Asia,” according to a June 19 press release from California-based cybersecurity company Symantec.

Symantec said its “artificial intelligence-based” system, Targeted Attack Analytics, first detected Thrip’s presence in January 2018, and the company’s researchers then tracked the activity down.

Thrip apparently uses “legitimate operating system features and network administration tools in an attempt to evade detection” and “custom malware.”

“This is likely espionage,” said Symantec CEO Greg Clark in the press release. “The Thrip group has been working since 2013 and their latest campaign uses standard operating system tools, so targeted organizations won’t notice their presence. They operate very quietly, blending in to networks, and are only discovered using artificial intelligence that can identify and flag their movements. Alarmingly, the group seems keenly interested in telecom, satellite operators, and defense companies. We stand ready to work with appropriate authorities to address this serious threat.”

Symantec did not say which companies were targeted, but in a blog post its researchers noted that Thrip targeted machines running MapXtreme GIS (Geographic Information System) software, Google Earth Server, Garmin imaging software, and software that monitors and controls satellites.

The conclusion reached was that Thrip might have goals that “go beyond spying and may also include disruption.”

This is not the first time Thrip has been accused of cyber-espionage. Symantec said it has been monitoring the group since 2013.

In 2015 the U.S. and China made an agreement that “neither country will conduct economic espionage in cyberspace,” according to the Washington Post.

According to Cyberscoop, Thrip had not been spotted active since that agreement until now.

Read more from Symantec.

Adam Rayes
Adam Rayes is a 19-year-old journalism student at Western Michigan University who is completing his Junior credits at George Mason University this summer while interning here at HSToday. He's worked a crime beat for Western's newspaper and freelances for several organizations in Kalamazoo, Michigan. He enjoys hiking trails, Star Wars and being really, really bad at guitar. You can find Adam on Twitter @arayes17 and can reach him by email or phone at arayes@gtscoalition.com or 248-595-1032.
