In the world of cyberespionage, hacker groups linked with China and Russia are widely considered to be some of the boldest in how they go after their targets. Over the past few years, several China-linked hacker groups have been publicly called out, especially by the U.S. government, for launching attacks against U.S. government targets and stealing classified proprietary information. However, it now appears Chinese hacker groups may have shifted focus from the U.S. to steal from other nations.
A cyberespionage group believed to have ties with the Chinese government was accused of hacking a U.K. government contractor. The hacker group is known by several names, including APT15, Ke3chang, Mirage, Vixen Panda, GREF and Playful Dragon.
According to security researchers at NCC Group, who uncovered the attack, the cyberespionage group used new tools and techniques to carry out the assault. Researchers said the hackers used a combination of several new backdoors and old malware in an effort to remain undetected in the target’s systems for as long as possible.
“Espionage by foreign governments should not come as a shock to anyone, these days. False Flags, double bluffs and blatant denials should also be expected. These attack tools have been associated with a group that targeted foreign affairs ministries in the past. We do not know if the attack is limited to the UK at this point. The wide range of tools used suggests a requirement for many capabilities in the target network; from this, we can infer that intellectual property was the target of the attack,” Andy Norton, director of threat intelligence at Lastline — a cyber security company and breach detection platform provider — told IBTimes.