China-based Thrip hacking group targets U.S. telecoms

China-based Thrip hacking group used legitimate tools to attack companies in the U.S. and Southeast Asia. Plus, election officials didn't know about hacks, and more.

A Chinese cyberespionage group has been using "living off the land" techniques to hack satellite, telecom and defense companies in Southeast Asia and the United States. According to the Security Response Attack Investigation Team at security software company Symantec Corp., the Thrip hacking group has been using legitimate admin tools and features to compromise networks -- a tactic called "living off the land."

"The purpose of living off the land is twofold," the Symantec researchers explained in a blog post. "By using such features and tools, attackers are hoping to blend in on the victim's network and hide their activity in a sea of legitimate processes. Secondly, even if malicious activity involving these tools is detected, it can make it harder to attribute attacks."

Symantec said it used its Targeted Attack Analytics tool to scan for attack patterns, which is what led the researchers to uncover these attacks in January 2018. According to the research, an attacker was using PsExec -- a free Microsoft command-line tool used to execute processes on other systems -- in a telecom company in Southeast Asia to remotely install the Trojan.Rikamanu malware, which has been previously associated with the Thrip hacking group.

From there, Symantec said, "we broadened our search to see if we could find similar patterns that indicated Thrip had been targeting other organizations. We uncovered a wide-ranging cyberespionage campaign involving powerful malware being used against targets that are a cause for concern."
