Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications China Security Wireless Networking

Chinese Hackers Used Mesh of Home Routers To Disguise Attacks (therecord.media) 25

An anonymous reader quotes The Record: A Chinese cyber-espionage group known as APT31 (or Zirconium) has been seen hijacking home routers to form a proxy mesh around its server infrastructure in order to relay and disguise the origins of their attacks.

In a security alert, the French National Cybersecurity Agency, also known as ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), published a list of 161 IP addresses that have been hijacked by APT31 in recent attacks against French organizations. French officials said that APT31's proxy botnet was used to perform both reconnaissance operations against their targets, but also to carry out the attacks themselves. The attacks started at the beginning of 2021 and are still ongoing...

The Record understands that APT31 used proxy meshes made of home routers as a way to scan the internet and then launch and disguise its attacks against Exchange email servers earlier this year; however, the technique was also used for other operations as well.

This discussion has been archived. No new comments can be posted.

Chinese Hackers Used Mesh of Home Routers To Disguise Attacks

Comments Filter:
  • by BardBollocks ( 1231500 ) on Saturday July 31, 2021 @08:41PM (#61642861)

    ... how do they know it was China?

    or is that too obvious and inconvenient?

    • Re: (Score:2, Troll)

      by bug1 ( 96678 )

      Exactly, it would great of journalists and law enforcement had enough understanding of technology to understand the internet cant resolve to the biological level.

      And even if it could determine an actual human (not a bot or relay) was using a specific computer, how do they determine the nationality of that individual as opposed to the country they reside in.

      Law enforcement are stupid idiots unfortunately.

    • by Graymalkin ( 13732 ) * on Sunday August 01, 2021 @12:42AM (#61643213)

      I know you're trolling but if you even just read the summary the identity of the group doing the hacking is APT31. Various hacking concerns get groupings based on their apparent skill level, the tools they use, types of operations they conduct, and particular strategies they use.

      If a particular hack is investigated and is found to use tools (including things like C&C servers), strategies, and skill level of a known group there's a high likelihood that group in fact perpetrated the hack.

      APT31 has been associated with China from forensic analysis of recovered tools/exploits and their targets. The actual address attacks come from is largely immaterial.

      • by Anonymous Coward

        (1) Any country and even NGOs can have similar skill levels as a known group.
        (2) Once a group does a certain technique that was unknown any country or person can use the same idea, as code doesn't exactly self-destruct, and can be reemployed. "Cyberweapons" aren't bombs. Even the US CIA/NSA could be using the same tools as APT31 once APT31 uses their tools even once.

        Actual attribution is mostly political. Perhaps you can look at a target, and extrapolate that some country may have more interest in that tar

  • That was my idea!

    • That was my idea!

      If you wanted to keep it secret, you should have used a better password on your router...

      • If you wanted to keep it secret, you should have used a better password on your router...

        Oh please, nobody is going to guess "hunter2".

  • No mesh (Score:4, Interesting)

    by bill_mcgonigle ( 4333 ) * on Sunday August 01, 2021 @03:50AM (#61643379) Homepage Journal

    Mesh, mesh, mesh.

    I read the article, tweets, and French advisory and nothing talks about meshing except for the lamestream article.

    Here I thought that the attackers had done something clever, like implemented their own private Tor or used client-mode configs to other AP's in apartment buildings for stealth.

    But, no, they're just proxies.

    Maybe next year.

  • So we keep reading about the nasty russian and terrible chineese hackers. I have a hard time believing US is sitting on their thumbs and not doing exactly the same to everyone else. Anyone remember that "Swiss company" quietly purchased by the CIA to provide encryption devices to everyone?
  • slashdot: Enough with this anti commie cyber BS

An authority is a person who can tell you more about something than you really care to know.

Working...