Cybersecurity researchers at Symantec have revealed that computers located in the People’s Republic of China launched a successful, sophisticated, and multi-faceted hack on telecommunication companies and defense contractors located in the United States and Southeast Asia.
The hacking group, which Symantec identified as “Thrip,” has been actively involved in cyber attacks and espionage since at least 2013. Their latest campaign targeted satellite communications, geospatial imaging systems, the military, and telecommunications companies. They initially utilized custom malware to breach these high-priority systems, then switched to a technique called “living off the land,” in which they utilized tools that have legitimate purposes and would not draw suspicion. Symantec identified the hacking by utilizing an artificial intelligence threat-tracking system in order to flag the irregular use of at least one of the tools being employed.
The Thrip Espionage group targeting satellite communications is not to be taken lightly. Learn who they are and what they’re capable of in this blog focused on their recent campaign. https://t.co/tvtMbYTK3Q
— Symantec (@symantec) June 19, 2018
“From the initial alert triggered by TAA, we were able to follow a trail that eventually enabled us to see the bigger picture of a cyber espionage campaign originating from computers within China and targeting multiple organizations in the U.S. and Southeast Asia. Espionage is the group’s likely motive but given its interest in compromising operational systems, it could also adopt a more aggressive, disruptive stance should it choose to do so,” a Symantec Corporation statement stipulated.
If you’re reading this and have forgotten the direct threat that China poses to the free world, this should serve as a wake-up call. China is not our ally. China is not our friend. They are a Communist country that would just as soon see the American experiment end up on the ash heap of history; unfortunately, there are some of our own countrymen who would prefer the slave comfort of safety rather than the danger of freedom.
If China wants to pretend that these cyber attacks are not state sponsored, they need to show the world how aggressively they are pursuing and punishing those who launched the hacking campaign. However, this is truly a laughable concept; of course the attacks were state sponsored, the Chinese government controls the Internet with an iron fist and an unblinking eye. They roll tanks over Chinese citizens who demand democracy; they roll out the red carpet for those citizens who demand the fall of the West.
“Disruption to satellites could leave civilian as well as military installations subject to huge disruptions,”said Vikram Thakur, Symantec technical director.
Symantec pointed out that this attack highlights an ever-growing threat to global security, emphasizing that this hack could be motivated by more than spying—it may also be aimed at causing disruption. This was evidenced by the fact that so much of the hacking campaign focused on computers that were linked to satellites.
With the access they were able to obtain, the hackers could have utilized the infected network to control the satellites in question and change their positions and orbit, disrupting communications and data sent through them. The satellites that were targeted are critical for phone communications, Internet traffic, and mapping/positioning data.
Symantec shared all of the technical data about the hack with both the FBI and the Department of Homeland Security—they also ensured that all hackers had been removed from the infected systems before going public with information about the nefarious Chinese efforts.