Today, the French national cyber-security service warned of an ongoing series of attacks, coordinated by the Chinese hacking group APT31, against a large number of French organizations.
"Our research shows that the threatening agent uses a network of compromised home routers as functional relay boxes to carry out covert reconnaissance as well as attacks," the ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) said in a statement today.
"Therefore, the compromise ratios (IOCs) are notified to assist in the assessment of possible infringements (searches should begin in early 2021) and to be used in detection services."
Organizations that detect any of the shared IOCs in their logs, indicating an attack that may be related to this current APT31 campaign, are invited to report the incident to ANSSI via email.
APT31 (also known as Zirconium and Judgment Panda) is a hacking group commissioned by the Chinese government and known for its numerous espionage and intelligence theft operations.
This threat actor has been linked in the past to the theft and repurposing of the EpMe NSA exploit years before the Shadow Brokers team leaked it publicly in April 2017.
Last year, Microsoft observed APT31 attacks targeting the international affairs community and high-profile individuals associated with Joe Biden's presidential campaign.
APT31 was also spotted by Google targeting "staff personal emails with credential phishing emails and emails containing tracking links".
Source of information: bleepingcomputer.com