A Chinese hacking group called Thrip has begun a campaign to hack satellite, defense, and communications companies in the United States and Southeast Asia, according to cybersecurity firm Symantec.
The methods used by the group represent an increase both in sophistication and aggressiveness. The intention seems to be disruption rather than more run-of-the-mill spying or information gathering. Thrip also targeted organizations specializing in geospatial imaging for location-based programs, including machines running Google Earth Server.
Since Thrip’s last hacking campaign, its methods have evolved from strictly malware-based attacks to include “living off the land” tactics, in which legitimate network administration tools are also used.
The campaign appears to have started around the time the Trump administration began to float threats of a trade war with China, and could represent a shift in the cyber ceasefire originally agreed to between Xi Jinping and then-President Obama.
Read Symantec’s announcement here.