The French National Agency for the Security of Information Systems (ANSSI) announced that the organisation is combating a large-scale attack co-ordinated by Chinese government-sponsored hacking groups, launched via infected routers.
The revelations have prompted the cyber agency to release a guide to help companies determine whether or not they were the targets of the incursion.
According to cyber security sources, the alleged group behind the incursion is the Chinese government-backed APT31. APT31 has also been dubbed Zirconium and Judgement Panda.
"ANSSI is currently handling a large intrusion campaign impacting numerous French entities. Attacks are still ongoing and are led by an intrusion set publicly referred as APT31," the agency said in a release.
"It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks."
According to FireEye, APT31 has targeted myriad industries, such as “government, international financial organisation, and aerospace and defence organisations, as well as high-tech, construction and engineering, telecommunications, media, and insurance”.
The group has utilised SOGU, LUCKYBIRD, SLOWGYRO and DUCKFAT malware, and exploits Java and Adobe Flash to target victims.
The revelation of the attack comes shortly after the global condemnation of state-sanctioned and state-sponsored hacking efforts from China.
“Today, the Australian government joins international partners in expressing serious concerns about malicious cyber activities by China's Ministry of State Security,” a joint release from Minister for Foreign Affairs Marise Payne, Minister for Home Affairs Karen Andrews and Minister for Defence Peter Dutton read.
“In consultation with our partners, the Australian government has determined that China's Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia. These actions have undermined international stability and security by opening the door to a range of other actors, including cyber criminals, who continue to exploit this vulnerability for illicit gain.
“The Australian government is also seriously concerned about reports from our international partners that China's Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese government.”
In March this year, it was revealed that the APT31 hacking group was behind a 2020 attack on the Finnish Parliament.
“Last year, the Security Police has identified a state cyber espionage operation against Parliament, which tried to infiltrate Parliament’s information systems. According to intelligence from the Security Police, this was the so-called APT31 operation,” the Finnish government said in a release.