- When SentinelLABS itself was targeted, its researchers decided to look for other victims
- They found 75 compromised organizations worldwide, across a range of industries
- The researchers believe China may be positioning itself for future conflicts, in cyberspace or elsewhere
Chinese hackers have been targeting businesses around the world for about a year and have compromised at least 75 organizations, although the real number of victims could be much higher.
SentinelLABS researchers were alerted to the campaign after their own infrastructure was targeted. In their analysis they explain that, after spotting this failed breach attempt, they began looking for other victims, tried to identify the attackers, and worked to determine when the campaign began.
They concluded that the earliest evidence of the campaign dates to June 2024, meaning the attacks had been under way for roughly a year.
Preparing for war
They attributed the attacks to three China-linked threat actor groups: APT15 (also known as Ke3chang or Nylon Typhoon), UNC5174 and APT41.
The first is known for targeting telecommunications operators, IT service providers and government sectors, while UNC5174 is known to have ties to China's Ministry of State Security.
UNC5174 has reportedly also been involved in global espionage and resale campaigns in the past. Finally, APT41 has previously been seen using ShadowPad, a piece of malware that was also spotted in these attacks.
The cyber-espionage campaign hit a wide range of victims, including an IT services and logistics company that handles hardware logistics for SentinelOne employees, a leading European media organization (apparently targeted for intelligence collection), and a South Asian government entity that provides IT services and infrastructure across several sectors.
SentinelLABS says most of the victims operate in the manufacturing, government, finance, telecommunications and research sectors, all of them essential or critical infrastructure organizations.
This led the researchers to conclude that the attackers are probably positioning themselves for potential future conflicts, in cyberspace or elsewhere.
“They could be targeting government organizations for more direct espionage,” SentinelOne threat researcher Tom Hegel told The Register.
“And then the major global media organizations, maybe to silence certain subjects or to disrupt them for reporting on certain things. If they are sitting on the networks of their adversaries, whether media organizations, government entities or their defense contractors, they are able to flip a switch should a conflict occur.”