The French National Cyber-security Agency (ANSSI) has warned of a series of attacks against French organizations, naming the Chinese state-backed APT31 hacking group as the culprit.
According to the agency, the group is using a network of compromised home routers to carry out stealthy reconnaissance and attacks.
“It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks,” ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) says in a bulletin issued today.
The agency also shared related indicators of compromise (IOCs) so that organizations can search their environments for signs of the intrusions and block the infrastructure involved. Organizations whose logs contain traces of an attack that could be connected to the ongoing APT31 campaign are asked to report them to ANSSI.
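The bulletin's practical ask is an IOC sweep: take the published list of relay-box addresses and check them against connection logs. The script below is an added example of that check, not code from ANSSI's bulletin, and the IOC values and log lines in it are constructed placeholders drawn from RFC 5737 documentation ranges, not the agency's real indicators. It assumes the IOC file is plain text with one IP or CIDR per line and that the logs are in the Apache/nginx combined format.

```python
"""
Added example (not part of ANSSI's bulletin): match web-server access-log
entries against an IOC list of IP addresses and CIDR ranges.

The IOC values below are constructed placeholders from RFC 5737
documentation ranges, not ANSSI's published indicators.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed IOC list: one IP or CIDR per entry, '#' comments allowed,
# mirroring the common plain-text layout of published IOC files.
IOC_TEXT = """
# constructed relay-box addresses (RFC 5737 ranges, not real IOCs)
192.0.2.10
192.0.2.11
203.0.113.0/28
"""

# Constructed Apache/nginx combined-format log lines (sample input).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jul/2021:10:12:01 +0200] "GET /owa/auth/logon.aspx HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jul/2021:10:12:05 +0200] "GET /index.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Jul/2021:10:13:40 +0200] "POST /ecp/ HTTP/1.1" 403 0 "-" "curl/7.68.0"
203.0.113.200 - - [15/Jul/2021:10:14:02 +0200] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/5.0"
not a log line at all
"""

# Client IP, timestamp, request line and status from a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def load_iocs(text):
    """Parse an IOC file into ip_network objects; single IPs become /32 or /128."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def match_iocs(log_text, nets):
    """Return {ioc: [(timestamp, request), ...]} for lines whose client IP is in an IOC network.

    Lines that do not parse as combined-format entries are skipped rather than
    aborting the run, since a hunt over a log directory will meet stray lines.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # hostname or garbage in the client field
        for net in nets:
            if ip.version == net.version and ip in net:
                hits[str(net)].append((m.group("ts"), m.group("req")))
                break  # one IOC hit per line is enough for reporting
    return dict(hits)


if __name__ == "__main__":
    for ioc, events in match_iocs(SAMPLE_LOG, load_iocs(IOC_TEXT)).items():
        for ts, req in events:
            print(f"{ioc}\t{ts}\t{req}")
```

Two design points matter in practice: CIDR entries are handled with `ipaddress` rather than string prefixes, so an IOC like `203.0.113.0/28` matches `203.0.113.5` but not `203.0.113.200`, and unparsable lines are skipped instead of stopping the sweep. Any hit should be preserved with its original log line and reported to ANSSI as the bulletin requests, not just counted.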
APT31 has previously been spotted by Microsoft and Google behind attacks targeting high-profile individuals and “campaign staffers” associated with Joe Biden’s presidential campaign, activity carried out on behalf of the Chinese government.
The group has also been linked to the theft and repurposing of EpMe, an exploit developed by the NSA, years before the Shadow Brokers leaked it publicly in 2017, and is believed to be behind a number of other attacks as well.
The French warning follows the joint accusation by the US, the European Union, the United Kingdom, and NATO that China carried out a series of cyber attacks against US companies and allies, including the exploitation of Microsoft Exchange servers.
The Biden administration stated that it had assessed “with a high degree of confidence that malicious cyber actors affiliated with PRC’s MSS conducted cyber espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.”