Cybersecurity

Symantec warns of China-based espionage campaign targeting satellites

A China-based cyber group is carrying out an extensive hacking campaign by targeting satellite, telecom and defense companies in the United States and Southeast Asia, a U.S. cybersecurity firm warned this week.

The motive of the hacking group, known as “Thrip,” is likely national cyber espionage, security researchers at Symantec Corp. said on Tuesday.

“Thrip’s attack on telecoms and satellite operators exposes the possibility that the attackers could intercept or even alter communications traffic from enterprises and consumers,” Symantec said in a statement, adding that the most disturbing discovery is an attempt to control satellites by infecting linked computers with malware.

{mosads}

“The attack group seemed to be particularly interested in the operational side of the company, looking for and infecting computers running software that monitors and controls satellites. This suggests to us that Thrip’s motives go beyond spying and may also include disruption,” Symantec wrote in a separate blog post.

Satellites play a central role in telecommunications, receiving and transmitting phone and internet signals as well as mapping and geolocation data.

Symantec said in Tuesday’s statement that it has tracked Thrip since 2013 and recently observed that the cyber group appears to have “discovered new tools and techniques used by the group in this most recent set of attacks.”

The threat of the improved hacking toolbox is further compounded by Thrip’s ability to stay well hidden.

“They operate very quietly, blending in to networks, and are only discovered using artificial intelligence that can identify and flag their movements,” Symantec Chief Executive Greg Clark said in a statement.

The company says it discovered the new attacks through its artificial intelligence-based Targeted Attack Analytics, which helped the researchers spot the malicious behavior that was hiding in legitimate IT administration tools.