Like ransomware attacks, cyber espionage campaigns can cause severe, sometimes irreparable damage to an enterprise's IT security perimeter. Governments and organizations must enforce robust security measures to identify cybercriminal operations before they exploit a company's security architecture.
Recently, the French National Agency for the Security of Information Systems (ANSSI) warned organizations about a China-linked threat actor group APT31. In a security advisory, the ANSSI stated that the APT31 group is leveraging compromised home routers to break into targeted organizations’ networks. The ANSSI shared the list of Indicators of Compromise (IoCs) and IP addresses of the ongoing campaign and urged the affected organizations to report any evidence of the campaign.
“ANSSI is currently handling a large intrusion campaign impacting numerous French entities. Attacks are still ongoing and are led by an intrusion set publicly referred to as APT31. It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes to perform stealth reconnaissance as well as attacks. As such, indicators of compromises (IOCs) are shared to help assess possible compromises (searches should start at the beginning of 2021) and used in detection services,” said the ANSSI.
Is APT31 Unstoppable?
Also tracked as Zirconium, Red Keres, and Judgment Panda, the APT31 group has been reportedly involved in various cyberespionage campaigns linked to the Chinese government. Ben Koehl, a threat analyst at Microsoft’s Threat Intelligence Center, stated that the IP addresses shared by the ANSSI are mostly located in Africa, Asia, Russia, and Latin America.
“Investigations show that this operating mode compromises routers to use them as anonymization relays, prior to carrying out reconnaissance and attack actions.”
— bk (Ben Koehl) (@bkMSFT) July 21, 2021
“ZIRCONIUM appears to operate numerous router networks to facilitate these actions. They are layered together and strategically used. If investigating these IP addresses, they should be used mostly as source IPs, but on occasion they are pointing implant traffic into the network,” Koehl added.
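The advisory's guidance above translates into a straightforward log search: look for the relay-box IPs from the beginning of 2021 onward, mostly as the source of connections but also as the destination of traffic leaving the network. The script below is an added illustration of that search, not tooling from ANSSI or Microsoft; the IoC addresses and log lines in it are constructed placeholders, since the real indicator list is not reproduced on this page.

```python
from datetime import datetime

# Placeholder relay-box IPs from the RFC 5737 documentation ranges.
# These stand in for the ANSSI indicator list, which is not reproduced here.
RELAY_IOCS = {"192.0.2.10", "198.51.100.7", "203.0.113.44"}

# The ANSSI advisory says searches should start at the beginning of 2021.
SEARCH_START = datetime(2021, 1, 1)

# Constructed sample firewall log lines: "timestamp src dst action".
SAMPLE_LOGS = """\
2020-12-30T08:12:01Z 192.0.2.10 10.0.0.5 ALLOW
2021-02-03T11:45:19Z 192.0.2.10 10.0.0.5 ALLOW
2021-02-03T11:46:02Z 10.0.0.22 198.51.100.7 ALLOW
2021-03-14T02:00:00Z 10.0.0.9 10.0.0.10 ALLOW
2021-05-01T17:22:41Z 203.0.113.44 10.0.0.5 DENY
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, action)."""
    ts, src, dst, action = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, action


def match_relay_iocs(log_text, iocs=RELAY_IOCS, start=SEARCH_START):
    """Return IoC hits on or after `start`, tagged by direction.

    'inbound'  : the relay is the source (reconnaissance or attack traffic).
    'outbound' : an internal host connects to the relay (possible implant
                 traffic being pointed at the relay network).
    """
    hits = []
    for line in log_text.splitlines():
        ts, src, dst, action = parse_line(line)
        if ts < start:
            continue  # outside the advisory's search window
        if src in iocs:
            hits.append({"ts": ts.isoformat(), "direction": "inbound",
                         "relay": src, "host": dst, "action": action})
        if dst in iocs:
            hits.append({"ts": ts.isoformat(), "direction": "outbound",
                         "relay": dst, "host": src, "action": action})
    return hits


if __name__ == "__main__":
    for hit in match_relay_iocs(SAMPLE_LOGS):
        print(hit)
```

An outbound hit deserves a closer look at the internal host even when the connection was allowed, since it is the pattern Koehl describes for implant traffic.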
Cybersecurity in France
The French government is making constant efforts to raise the country's cybersecurity standards and defend against evolving threats. From strengthening security practices to penalizing violators, French data privacy regulators have consistently prioritized user data security. Recently, the French Competition Authority (FCA) fined Google €220 million (approximately $268 million) for abusing its dominant position in the advertising market and favoring its own services at the expense of its competitors.