A hacking group has targeted the networks of US media and retail companies to gather usernames and IP addresses. Identified as ‘backdoor’ used by a group it calls SparklingGoblin.

The group mostly targets the academic sectors in East and Southeast Asia, but it’s also shown interest in the education sector in Canada, media companies in the US, and at least one unnamed computer retail company in the US.

The group’s backdoor, called Sidewalk, uses Google Docs to pass on IP configurations and usernames, along with other bits of sensitive information like file names, operating system versions, and computer names.

Classified as an ‘advanced persistent threat,’ groups that use ‘continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences,’ according to Russian antivirus company Kaspersky.

A similar toolset used by Sparkling Goblin was used in a series of attacks against universities in Hong Kong by the Winnti Group responsible for for high-profile supply-chain attacks against the video game and software industries