Cyber Group Targets Satellites, Telecom

A cyber-espionage group infiltrated satellite, telecom and defense companies in the US and Southeast Asia, and evidence suggests that the campaign's objective was espionage. Identified by Symantec and announced on 19 June, the campaign originated from machines based in mainland China, according to researchers. Thus far, the analysis suggests that the defense, telecom and satellite sectors – more specifically, the geospatial sector – have been targeted. In the geospatial sector, the group targeted computers running MapXtreme GIS (geographic information system) software, used to develop custom geospatial applications and to integrate location-based data. Not surprisingly, machines running Google Earth Server and Garmin imaging software were also targeted. “The Thrip group has been working since 2013 and their latest campaign uses standard operating system tools, so targeted organizations won’t notice their presence,” said Greg Clark, Symantec CEO, said in a press release. "They operate very quietly, blending in to networks, and are only discovered using artificial intelligence that can identify and flag their movements. Alarmingly, the group seems keenly interested in telecom, satellite operators, and defense companies. We stand ready to work with appropriate authorities to address this serious threat."