China-based campaign breached satellite, defense companies: Symantec
[June 20, 2018]
By Joseph Menn
SAN FRANCISCO (Reuters) - A sophisticated
hacking campaign launched from computers in China burrowed deeply into
satellite operators, defense contractors and telecommunications
companies in the United States and southeast Asia, security researchers
at Symantec Corp said on Tuesday.
Symantec said the effort appeared to be driven by national espionage
goals, such as the interception of military and civilian communications.
Such interception capabilities are rare but not unheard of, and the
researchers could not say what communications, if any, were taken. More
disturbingly in this case, the hackers infected computers that
controlled the satellites, so that they could have changed the positions
of the orbiting devices and disrupted data traffic, Symantec said.
"Disruption to satellites could leave civilian as well as military
installations subject to huge (real world) disruptions," said Vikram
Thakur, technical director at Symantec. "We are extremely dependent on
their functionality."
Satellites are critical to phone and some internet links as well as
mapping and positioning data.
Symantec, based in Mountain View, California, described its findings to
Reuters exclusively ahead of a planned public release. It said the
hackers had been removed from infected systems.
Symantec said it has already shared technical information about the hack
with the U.S. Federal Bureau of Investigation and Department of Homeland
Security, along with public defense agencies in Asia and other security
companies. The FBI did not respond to a request for comment.
Thakur said Symantec detected the misuse of common software tools at
client sites in January, leading to the campaign's discovery at unnamed
targets. He attributed the effort to a group that Symantec calls Thrip,
which may be called different names by other companies.
A map of China is seen through a magnifying glass on a computer
screen showing binary digits in Singapore in this January 2, 2014
photo illustration. REUTERS/Edgar Su
Thrip was active from 2013 on and then vanished from the radar for
about a year until the last campaign started a year ago. In that
period, it developed new tools and began using more widely available
administrative and criminal programs, Thakur said.
Other security analysts have also recently tied sophisticated
attacks to Chinese groups that had been out of sight for a while, and
there could be overlap. FireEye Inc in March said that a group it
called Temp.Periscope reappeared last summer and went after defense
companies and shippers. FireEye had no immediate comment on the new
episode.
It was unclear how Thrip gained entry to the latest systems. In the
past, it depended on trick emails that had infected attachments or
led recipients to malicious links. This time, it did not infect most
user computers, instead moving among servers, making detection
harder.
Following its customary stance, Symantec did not directly blame the
Chinese government for the hack. It said the hackers launched their
campaign from three computers on the mainland. In theory, those
machines could have been compromised by someone elsewhere.
Symantec provides the most widely used paid security software for
consumers and an array of higher-end software and services for
companies and public agencies.
(Reporting by Joseph Menn; Editing by Leslie Adler and Cynthia
Osterman)
[© 2018 Thomson Reuters. All rights reserved.]
Copyright 2018 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thomson Reuters is solely responsible for this content.