September 26, 2024 | Ravie Lakshmanan | Cyber Espionage / Hacking
A Chinese government-backed nation-state threat group has breached several U.S. internet service providers (ISPs) as part of a coordinated cyberespionage campaign to gather sensitive information, The Wall Street Journal reported on Wednesday.
The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, also known as FamousSparrow and GhostEmperor.
“Investigators are investigating whether the intruder gained access to Cisco Systems routers, core network components that route much of the Internet’s traffic,” the paper said, citing people familiar with the matter.
The ultimate goal of the attacks is to establish a persistent foothold within target networks, allowing the threat actors to collect sensitive data or launch harmful cyber attacks.
GhostEmperor first came to light in October 2021, when Russian cybersecurity firm Kaspersky revealed details of a long-running evasive operation targeting Southeast Asia to deploy a rootkit called Demodex.
Targets in the attack included well-known companies in Malaysia, Thailand, Vietnam and Indonesia, as well as more unusual companies in Egypt, Ethiopia and Afghanistan.
In July 2024, Sygnia revealed that an unnamed customer had been breached by threat actors in 2023, who had infiltrated one of their business partner’s networks.
“During our investigation, it was determined that multiple servers, workstations, and users were compromised by a threat actor who deployed various tools to communicate with a set of (command and control) servers,” the company said. “One of these tools was identified as a variant of Demodex.”
The development comes days after the U.S. government announced it had taken down a botnet of 260,000 devices called Raptor Train, which was controlled by another Beijing-linked hacker group known as Flax Typhoon.
This also marks the latest in a series of Chinese government-led efforts to target telecommunications, ISPs and other critical infrastructure sectors.