Symantec: APT Chinese hacker group Thrip attacked US military satellite system & Southeast Asia

Do Son June 21, 2018 2 minutes read

The U.S. cybersecurity giant claimed that hackers attacked the U.S. satellite system. According to reports, satellite systems in the military also invaded. The security company Symantec said on Tuesday that the company’s artificial intelligence-based network security monitoring tools recently discovered that hacking organisations are imaging satellite communications, telecommunications, and geospatial photography in the United States and Southeast Asian countries. Service and military systems conduct cyber attacks.

Symantec Corp. said in a statement that the company has been tracking this network attack organisation named “Thrip” since 2013. The statement said that Symantec’s Artificial Intelligence-based “Targeted Attack Analytics” (TAA) tool discovered in January 2018 that some computers from several regions had launched malicious actions against satellite systems.

Symantec believes that the attacks of this organisation are cyber espionage but have exposed their strategy of destroying the operating system of the attack target. Symantec Corp. said that it could determine that the organisation can take more offensive and destructive activities on the goal.

Symantec reports: “We’ve been monitoring Thrip since 2013 when we uncovered a spying campaign being orchestrated from systems based in China. Since our initial discovery, the group has changed its tactics and broadened the range of tools it used. Initially, it relied heavily on custom malware, but in this most recent wave of attacks, which began in 2017, the group has switched to a mixture of custom malware and living off the land tools.”

Symantec’s statement stated that the hacking organisation’s attack on the telecommunications sector and satellite operating systems showed that hackers could intercept or even distort the communications transmitted to users by the network operating agencies.

Symantec reports: “The satellite operator wasn’t the only communications target Thrip was interested in. The group had also targeted three different telecoms operators, all based in Southeast Asia.“

Symantec Corporation stated that their related software has already banned hackers from the affected computer systems, and has already linked with the U.S. Central Intelligence Agency, the Department of Homeland Security and the Asian Defense Department shared relevant technical information.

Through analysis of relevant data, the company can find real hacking gangs. In the past few years, the company has begun to use machine learning technology to analyse the existence of frequent attacks in massive amounts of data and to lock down the identity of hacking gangs.

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: Thrip hacker