October 4, 2023

French national cyber-security agency warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 hacking group.

It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks

ANSSI

“As such, indicators of compromises (IOCs) are shared to help assess possible compromises and used in detection services.”

Organizations that detect any of the shared IOCs in their logs pointing at an attack potentially connected to this ongoing APT31 campaign are urged to report the incident to ANSSI via email.

APT31 (also known as Zirconium and Judgment Panda) is a hacking group working at the behest of the Chinese Government known for its numerous espionage and information theft operations.

This threat has been linked in the past to the theft and repurposing of the NSA exploit years before Shadow Brokers publicly leaked it in April 2017.

Microsoft in 2020 observed APT31 attacks targeting the international affairs community and high-profile individuals associated with the Joe Biden presidential campaign.

APT31 was also spotted by Google while targeting “campaign staffers’ personal emails with credential phishing emails and emails containing tracking links

Tags:

Leave a Reply

You may have missed

Qualcomm fixes Zero Day Vulnerabilities

October 4, 2023

AWS Console and MFA Requirements

October 4, 2023

Bunny Loader Malware-as-a-Service in Action

October 3, 2023

Google Android Security Updates – October 2023

October 3, 2023

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023
%d bloggers like this: