Chinese State Hackers Attack Home And Office Routers In France

Share post:

According to French authorities, Chinese state hackers are breaching numerous home and office routers to use in a huge and ongoing attack on organizations in France.

According to security firm FireEye, the hacking group – known in security circles as APT31, Zirconium, Panda and other names – has carried out espionage operations against government, financial, aviation and defense organizations in the past.

Companies in the technology, construction, engineering, telecommunications, media and insurance sectors are also common targets. APT31 is also one of three Chinese government-sponsored hacking groups involved in a recent hacker attack on Microsoft Exchange servers, the U.K.’s National Cyber Security Centre announced Monday.

The advisory contains compromise indicators that allow organizations to determine whether they have been hacked or exploited during the campaign.

The indicators include 161 IP addresses, although it is not entirely clear whether they belong to compromised routers or other types of internet-connected devices used in the exploits.

A graph illustrating the countries hosting the IPs, created by researcher Will Thomas of security firm Cyjax shows that the largest concentration is in Russia, followed by Egypt, Morocco, Thailand and the United Arab Emirates.

“APT31 typically uses pawned routers within countries as a last resort to avoid suspicion, but they are not doing so in this campaign. The other difficulty here is that some of the routers are also likely to be compromised by other attackers in the past or at the same time,” said Thomas.

Hackers have long used compromised home and small office routers for botnets that execute crippling denial of service attacks, redirect users to malicious websites and act as proxies for brute force attacks, exploit vulnerabilities, scan ports, and filter data from compromised targets.

People concerned that their devices will be compromised should reboot their devices regularly, as most router malware does not survive a reboot. Users should also ensure that remote administration is turned off and that DNS servers and other configurations do not show any malicious changes.

Finally, it is always a good idea to install firmware updates promptly.

For more information, read the original story in Arstechnica.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Russian-linked hackers target U.S. and European water systems

A Russian military-affiliated hacking group, Sandworm, is suspected of coordinating recent cyberattacks on water utilities in the U.S.,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways