Today, the French national cyber-security agency warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 hacking group.
“It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks,” ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) says in an alert bulletin issued today.
As such, indicators of compromise (IOCs) are shared to help assess possible compromises (searches should start at the beginning of 2021) and for use in detection services.
Organizations that detect any of the shared IOCs in their logs pointing at an attack potentially connected to this ongoing APT31 campaign are urged to report the incident to ANSSI via email.