France says China state hackers are using compromised routers in massive attack campaign

Officials say hackers are targeting organizations through compromised routers.

France’s National Agency for Information Systems Security (ANSSI) has warned national businesses and organizations that the group was behind a massive attack campaign that used hacked routers, prior to carrying out reconnaissance and attacks, as a means to cover up the intrusions.
“ANSSI is currently handling a large intrusion campaign impacting numerous French entities,” an ANSSI advisory warned. “Attacks are still ongoing and are led by an intrusion set publicly referred to as APT31. It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks.”
The advisory did not specify which organizations were targeted in the campaign, but ANSSI said around 160 IP addresses can be used to indicate whether an organization has been a target.
“APT31 typically uses pwned routers within countries targeted as the final hop to avoid some suspicion, but in this campaign, unless [French security agency] CERT-FR has omitted them, they are not doing it here,” Thomas said in a direct message. “The other difficulty here is that some of the routers will also likely be compromised by other attackers in the past or at the same time.”