Security researchers at Symantec have discovered a sophisticated hacking campaign originating from China that was able to penetrate defence contractors and telecommunications companies in the US and southeast Asia.
The firm said the effort was likely driven by national espionage goals such as intercepting military and civilian communications. Interception capabilities such as this are rare but do occur. Symantec's researchers were unable to say what kinds of communications were taken by the attackers.
To make matters worse, the hackers behind the campaign were able to infect computers that control satellites and could have changed their positions and disrupted data traffic.
According to Symantec, the hackers have now been removed from the infected systems. The firm shared its discovery with the FBI and Department of Homeland Security as well as with public defence agencies in Asia and other security companies.
Symantec is calling the group responsible for the hack Thrip, though it may be referred to by different names at other security firms.
Symantec CEO Greg Clark offered more details on the group in a statement, saying:
“This is likely espionage. The Thrip group has been working since 2013 and their latest campaign uses standard operating system tools, so targeted organizations won’t notice their presence. They operate very quietly, blending in to networks, and are only discovered using artificial intelligence that can identify and flag their movements. Alarmingly, the group seems keenly interested in telecom, satellite operators, and defense companies. We stand ready to work with appropriate authorities to address this serious threat.”
It remains unclear how Thrip gained access to the latest systems. In the past, phishing techniques were used to infect the computers of unsuspecting users, but this time the group went after servers instead of computers, which made detection much harder.