- When SentinelLabs was attacked, its researchers went looking for more victims
- They found 75 organizations worldwide, across different industries
- Researchers believe China may be positioning itself for conflict, in cyberspace or elsewhere
Chinese hackers have been targeting companies worldwide for about a year and have managed to compromise at least 75 organizations, although the real number of victims could be much larger.
SentinelLabs' cybersecurity researchers were alerted to the campaign after their own infrastructure was attacked. In their analysis they explained that, after detecting this failed intrusion attempt, they began looking for more victims, tried to identify the attackers, and set out to determine when the campaign began.
They concluded that the earliest evidence of the campaign dates to June 2024, which means the attacks had been going on for about a year.
Preparation for war
They attributed the attacks to three groups of China-linked threat actors: APT15 (also known as Ke3chang or Nylon Typhoon), UNC5174 and APT41.
The first is known for attacking telecommunications companies, IT service providers and government sectors, and UNC5174 is known to have ties to China's Ministry of State Security.
UNC5174 has apparently also been involved in global espionage and access-resale campaigns in the past. Finally, APT41 has previously used ShadowPad, a piece of malware also seen in these attacks.
The campaign was aimed at a wide range of victims, including an IT and logistics services company that manages hardware for SentinelOne employees, a leading European media organization (apparently targeted for intelligence collection), and a South Asian government entity that provides IT and infrastructure services across multiple sectors.
SentinelLabs says most victims operate in the manufacturing, government, finance, telecommunications and research sectors, all of them essential critical-infrastructure organizations.
This led the researchers to conclude that the attackers were probably positioning themselves for a possible conflict, whether cyber or military.
"They could go after government organizations for more direct espionage," SentinelOne threat researcher Tom Hegel told The Register.
"And then major global media organizations, perhaps to silence certain issues or to disrupt them from reporting on certain things. If they are sitting in the networks of their adversaries, media organizations or government entities or their defense companies, they can flip a switch if conflict occurs."