- When SentinelLabs was targeted, researchers went on the lookout for more victims
- They found 75 organizations all over the world in different industries
- Researchers believe China may be positioning for conflict, in cyberspace or elsewhere
Chinese hackers have been targeting companies around the world for about a year now and have managed to compromise at least 75 organizations – although the actual number of victims could be much larger.
Cybersecurity researchers at SentinelLabs were alerted to the campaign after their own infrastructure was targeted, and in an analysis they explained that after seeing this failed intrusion attempt, they began to look for more victims, tried to identify the attackers and set out to determine when the campaign started.
They concluded that the earliest evidence of the campaign dates to June 2024, which means the attacks have been taking place for about a year.
Preparing for war
They attributed the attacks to three China-linked threat actor collectives: APT15 (alias Ke3chang or Nylon Typhoon), UNC5174 and APT41.
The first is known for targeting telcos, IT services and government sectors, and UNC5174 is known to have ties to China’s State Department.
Apparently, it has also been involved in global espionage and resale campaigns. Finally, APT41 was previously seen using ShadowPad – a piece of malware that was also discovered in these attacks.
The cyberespionage campaign targeted a wide range of victims, including an IT services and logistics firm that manages hardware needs for SentinelOne employees, a leading European media organization (apparently targeted for intelligence collection) and a South Asian government entity providing IT services and infrastructure across several sectors.
SentinelLabs says that most of the victims operate in the manufacturing, government, economics, telecommunications and research sectors – all important, critical infrastructure organizations.
This prompted the researchers to conclude that the attackers were probably positioning themselves for potential conflict, either cyber-related or military.
“They may be going after government organizations for more direct espionage,” SentinelOne threat researcher Tom Hegel told The Register.
“And then large global media organizations – perhaps it is to dampen certain topics or interfere with their reporting of certain things. If they sit on their opponent’s network – media organizations or government units or their defense companies – they are able to turn a switch should conflict happen.”



