Chinese State Hackers Attack Home And Office Routers In France

Share post:

According to French authorities, Chinese state hackers are breaching numerous home and office routers to use in a huge and ongoing attack on organizations in France.

According to security firm FireEye, the hacking group – known in security circles as APT31, Zirconium, Panda and other names – has carried out espionage operations against government, financial, aviation and defense organizations in the past.

Companies in the technology, construction, engineering, telecommunications, media and insurance sectors are also common targets. APT31 is also one of three Chinese government-sponsored hacking groups involved in a recent hacker attack on Microsoft Exchange servers, the U.K.’s National Cyber Security Centre announced Monday.

The advisory contains compromise indicators that allow organizations to determine whether they have been hacked or exploited during the campaign.

The indicators include 161 IP addresses, although it is not entirely clear whether they belong to compromised routers or other types of internet-connected devices used in the exploits.

A graph illustrating the countries hosting the IPs, created by researcher Will Thomas of security firm Cyjax shows that the largest concentration is in Russia, followed by Egypt, Morocco, Thailand and the United Arab Emirates.

“APT31 typically uses pawned routers within countries as a last resort to avoid suspicion, but they are not doing so in this campaign. The other difficulty here is that some of the routers are also likely to be compromised by other attackers in the past or at the same time,” said Thomas.

Hackers have long used compromised home and small office routers for botnets that execute crippling denial of service attacks, redirect users to malicious websites and act as proxies for brute force attacks, exploit vulnerabilities, scan ports, and filter data from compromised targets.

People concerned that their devices will be compromised should reboot their devices regularly, as most router malware does not survive a reboot. Users should also ensure that remote administration is turned off and that DNS servers and other configurations do not show any malicious changes.

Finally, it is always a good idea to install firmware updates promptly.

For more information, read the original story in Arstechnica.

SUBSCRIBE NOW

Related articles

Casting a Hex and Deceptive Delight: Jailbreaking Techniques Targeting AI Models

OpenAI's GPT-4o language model can be tricked into generating exploit code by encoding malicious instructions in hexadecimal, according...

CRA Admits to Massive Underreporting of Cyberattacks

The Canada Revenue Agency (CRA) has acknowledged that tens of thousands of taxpayer accounts were hacked between March...

Apple Launches $1 Million Bug Bounty for Hacking Apple Intelligence Servers

Apple has announced a new bug bounty program offering up to $1 million to individuals who can successfully...

Over 6,000 WordPress Sites Hacked to Install Plugins Pushing Infostealers

More than 6,000 WordPress websites have been hacked to install malicious plugins that push information-stealing malware, according to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways