Hacker Group in China May Disrupt U.S. Satellites, Cybersecurity Firm Warns

[Image: Satellite hacking. Symantec said a cyber-espionage group based in China appears to be interested in finding out how to infect computers running software that monitors and controls satellites. iStock]

A cyber-espionage group operating from computers inside China is currently targeting the U.S. satellite communications and defense sectors as part of a "wide-ranging" operation, and may soon seek to disrupt critical systems, according to cybersecurity firm Symantec's Security Response Attack Investigation Team.

The hacking collective, codenamed Thrip, has been using powerful malware against targets in the U.S. and Southeast Asia, researchers said in a detailed analysis published on Tuesday. Symantec's experts said the group has been active since at least 2013 and is primarily motivated by espionage, but they warned that its tactics could turn nasty if it adopts a more "aggressive" approach in the future.

Thrip, the report said, relies on a cocktail of custom malware and legitimate network administration tools to compromise computers. The campaign has been tied to three computers in China, but Symantec did not elaborate on who is pulling the strings, or if they could potentially be linked to the government. As Russian cybersecurity chief Eugene Kaspersky noted this week, accurate attribution is now harder than ever.

Symantec said the hackers appear to be interested in finding out how to infect computers running software that monitors and controls satellites. Another target in the hacking group's latest operation—which was launched in 2017 according to Symantec—was an organization involved in geospatial imaging and mapping. The hackers also targeted computers running Google Earth Server and Garmin imaging software, researchers said. In addition, they targeted three different telecommunications operators located in Southeast Asia.

While the culprits still remain a mystery, their tools do not. Researchers found malware designed to steal data, log keystrokes and create backdoors. Some had links to "underground Chinese hackers."

"This is likely espionage," said Greg Clark, chief executive of Symantec. "The Thrip group has been working since 2013 and their latest campaign uses standard operating system tools, so targeted organizations won't notice their presence. They operate very quietly, blending in to networks, and are only discovered using artificial intelligence that can identify and flag their movements."

He added: "Alarmingly, the group [is] keenly interested in telecom, satellite operators and defense companies. We stand ready to work with appropriate authorities to address this serious threat."

Cybersecurity companies have long tracked China-based cyber-espionage operations, and it is widely believed that North Korea's hacking groups rely on computer infrastructure in the country.

In March this year, experts from FireEye found a suspected Chinese campaign targeting engineering and maritime sectors in the U.S. with ties to the South China Sea territorial dispute. Back in 2015, China and the U.S. agreed to reduce state-sponsored theft of intellectual property. The loose cyber-truce followed the massive hack of federal records from the U.S. Office of Personnel Management (OPM) that was blamed on Beijing. While the agreement did have an effect, cyber-espionage persists.

So, it seems that Donald Trump may need Space Force after all.
