French national cyber-security agency warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 hacking group.

It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks

ANSSI

“As such, indicators of compromises (IOCs) are shared to help assess possible compromises and used in detection services.”

Organizations that detect any of the shared IOCs in their logs pointing at an attack potentially connected to this ongoing APT31 campaign are urged to report the incident to ANSSI via email.

APT31 (also known as Zirconium and Judgment Panda) is a hacking group working at the behest of the Chinese Government known for its numerous espionage and information theft operations.

This threat has been linked in the past to the theft and repurposing of the NSA exploit years before Shadow Brokers publicly leaked it in April 2017.

Microsoft in 2020 observed APT31 attacks targeting the international affairs community and high-profile individuals associated with the Joe Biden presidential campaign.

APT31 was also spotted by Google while targeting “campaign staffers’ personal emails with credential phishing emails and emails containing tracking links