Cybersecurity firm Symantec has exposed Chinese hacking of satellite communications and telecoms in the United States and Southeast Asia.
The company’s AI-based Targeted Attack Analytics (TAA) system helped researchers expose a hacking campaign from a group called Thrip.
Symantec said the activity looked innocuous on the surface. TAA alerted Symantec’s investigation team and set them on the path to discovering the attack, which came from a group the company has been monitoring since 2013.
“This is likely espionage,” said Greg Clark, Symantec CEO. “The Thrip group has been working since 2013 and their latest campaign uses standard operating system tools, so targeted organisations won’t notice their presence.”
“They operate very quietly, blending into networks, and are only discovered using artificial intelligence that can identify and flag their movements. Alarmingly, the group seems keenly interested in telecom, satellite operators, and defense companies. We stand ready to work with appropriate authorities to address this serious threat.”
Symantec followed the trail back to machines originating in mainland China, where the attackers were using legitimate operating system features and network administration tools in an attempt to evade detection.
The group’s likely motive is espionage, according to Symantec, but because it compromises operational systems it could adopt a ‘more aggressive, disruptive stance’.
The likes of Australia and the United States already distrust Chinese telecoms equipment over national security concerns, and this latest report from Symantec won’t help to quell those fears.