- When SentinelLABS was targeted, the researchers set out looking for more victims
- They found 75 organizations around the world, in different industries
- The researchers believe China may be positioning for conflict, in cyberspace or elsewhere
Chinese hackers have been targeting companies across the world for roughly a year now, and have managed to compromise at least 75 organizations – although the actual number of victims could be a lot bigger.
Cybersecurity researchers at SentinelLABS were alerted to the campaign after their own infrastructure was targeted, and in an analysis, explained that after spotting this failed breach attempt, they started looking for more victims, tried to identify the attackers, and set out to determine when the campaign started.
They concluded that the earliest evidence of the campaign was in June 2024, which means that the attacks were going on for approximately a year.
Preparing for war
They attributed the attacks to three China-linked threat actor collectives: APT15 (AKA Ke3Chang or Nylon Typhoon), UNC5174, and APT41.
The first of these is known for targeting telcos, IT services, and government sectors, while UNC5174 is known to have ties to China’s Ministry of State Security and has apparently also been involved in global espionage and resale campaigns in the past. Finally, APT41 was previously seen using ShadowPad, a piece of malware that was also spotted in these attacks.
The cyberespionage campaign targeted a wide range of victims, including an IT services and logistics company that manages hardware needs for SentinelOne employees, a leading European media organization (targeted for intelligence gathering, apparently), and a South Asian government entity providing IT services and infrastructure across multiple sectors.
SentinelLABS says most of the victims are operating in manufacturing, government, finance, telecommunications, and research sectors – all essential, critical infrastructure organizations.
This led the researchers to conclude that the attackers were most likely positioning for potential conflict, either cyber-related, or military.
“They might be going after government organizations for more direct espionage,” SentinelOne threat researcher Tom Hegel told The Register.
“And then major global media organizations — maybe it’s silencing certain topics or disrupting them for reporting on certain things. If they are sitting on their adversaries’ networks — media organizations, or government entities or their defense companies — they are able to flip a switch if conflict were to occur.”