Chinese State Hackers Attack Home And Office Routers In France


According to French authorities, Chinese state hackers are breaching numerous home and office routers to use in a huge and ongoing attack on organizations in France.

According to security firm FireEye, the hacking group – known in security circles as APT31, Zirconium, Panda and other names – has carried out espionage operations against government, financial, aviation and defense organizations in the past.

Companies in the technology, construction, engineering, telecommunications, media and insurance sectors are also common targets. APT31 is also one of three Chinese government-sponsored hacking groups involved in a recent hacker attack on Microsoft Exchange servers, the U.K.’s National Cyber Security Centre announced Monday.

The French authorities' advisory contains indicators of compromise that organizations can use to determine whether they were targeted or breached during the campaign.

The indicators include 161 IP addresses, although it is not entirely clear whether they belong to compromised routers or other types of internet-connected devices used in the exploits.
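One way to check connection logs against an IP indicator list like the one described above is sketched here as an added example; it is not code from the advisory or the original story. The indicator entries are constructed placeholders from documentation address ranges, and the `src=`/`dst=` log format is an assumption.

```python
import ipaddress
import re

# Constructed placeholder indicators (documentation ranges), standing in for
# the advisory's IP list, which is not reproduced on this page.
IOC_TEXT = """
# one address or CIDR block per line
203.0.113.7
198.51.100.0/28
2001:db8::bad
"""

# Constructed sample firewall log lines; the key=value layout is an assumption.
LOG_LINES = [
    "2021-07-20T10:01:02Z ACCEPT src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2021-07-20T10:01:09Z ACCEPT src=198.51.100.9 dst=10.0.0.8 dport=22",
    "2021-07-20T10:02:00Z ACCEPT src=10.0.0.5 dst=203.0.113.70 dport=443",
    "2021-07-20T10:03:00Z DROP src=2001:db8::bad dst=2001:db8:1::10 dport=25",
    "2021-07-20T10:04:00Z ACCEPT src=10.0.0.9 dst=192.0.2.44 dport=80",
]

FIELD = re.compile(r"\b(src|dst)=(\S+)")

def load_iocs(text):
    """Parse indicator lines into network objects, skipping comments and blanks."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def scan(lines, nets):
    """Return (line number, field, address) for every src/dst that is an indicator."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for field, value in FIELD.findall(line):
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue  # not an IP address, e.g. a hostname
            # Parsed comparison: 203.0.113.70 must not match 203.0.113.7,
            # which a plain substring search would report.
            if any(addr in net for net in nets):
                hits.append((lineno, field, str(addr)))
    return hits

if __name__ == "__main__":
    for lineno, field, addr in scan(LOG_LINES, load_iocs(IOC_TEXT)):
        print(f"line {lineno}: {field}={addr} matches an indicator")
```

A match is a lead to investigate rather than proof of compromise, since it is not clear what kind of device sits behind each listed address.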

A graph illustrating the countries hosting the IPs, created by researcher Will Thomas of security firm Cyjax, shows that the largest concentration is in Russia, followed by Egypt, Morocco, Thailand and the United Arab Emirates.

“APT31 typically uses pawned routers within countries as a last resort to avoid suspicion, but they are not doing so in this campaign. The other difficulty here is that some of the routers are also likely to be compromised by other attackers in the past or at the same time,” said Thomas.

Hackers have long used compromised home and small office routers in botnets that carry out crippling denial-of-service attacks, redirect users to malicious websites, and act as proxies for brute-force attacks, vulnerability exploitation, port scanning, and exfiltrating data from compromised targets.

People concerned that their devices will be compromised should reboot their devices regularly, as most router malware does not survive a reboot. Users should also ensure that remote administration is turned off and that DNS servers and other configurations do not show any malicious changes.

Finally, it is always a good idea to install firmware updates promptly.

For more information, read the original story in Ars Technica.
