Watering Hole Campaign Compromises More Than 50 Companies
Further research into one China-linked espionage group finds a network of more than 100 Websites, serving a variety of industries and government agencies, that have been compromised to infect targets with espionage trojans.

An espionage group with links to China has systematically infected more than 100 Web destinations that are popular with a variety of industries and government agencies as part of a scheme to infect sensitive targets, managed-security firm Dell SecureWorks said on Aug. 5. The team of spies, which Dell labeled "Threat Group 3390" and which security firm CrowdStrike calls "Emissary Panda," uses sophisticated methods and detailed planning to infiltrate targets, Andrew White, senior security researcher with Dell SecureWorks' Counter Threat Unit, told eWEEK.

By knowing which Websites their targets visit and compromising those sites, Threat Group 3390 has infected more than 50 companies in the automotive, electronic, aeronautical, pharmaceutical and oil-and-gas industries. "They collect information on what data is on the network, and then they come back with a shopping list of what they are interested in, and exfiltrate the data," White said.

Espionage attacks have taken off in the past year. China-linked hackers have been tied to the breach of the Office of Personnel Management, which led to the exfiltration of files detailing the background checks on more than 22 million federal employees, contractors and job applicants. The same group has also been implicated in the breaches of health care insurer Anthem and United Airlines.
The group investigated by Dell SecureWorks is not new, but many of the details of their watering hole strategy were not previously known, White said. Security firm CrowdStrike noted the group's focus on embassies and dubbed it Emissary Panda.