China-based hackers breached satellite, defense firms: study

China-based hackers breached satellite, defense firms: study
© Getty Images

China-based hackers infiltrated satellite operators, defense contractors and telecommunications companies in the U.S. and southeast Asia, according to researchers at Symantec Corp.

The company said that the breach was driven by national espionage goals, such as intercepting military and civilian communications.

The researchers could not identify what communications, if any, were taken by the hackers. They noted that the hackers got into computers that control the satellites and could have changed the position of the devices and disrupted data movement.

ADVERTISEMENT

However, the company told Reuters that the hackers had been removed from the infected systems.

Symantec said they gave the information they had to the FBI and the Department of Homeland Security.

They first detected something was wrong in January and attributed the hacking efforts to a group Symantec calls Thrip.

Thrip was active from 2013 but went quiet for about a year until they began their most recent campaign a year ago. In their return, they developed new tools and used more widely available programs, Reuters reported.

It is still unclear how the group breached the systems. In the past, the group had used infected emails but this time they did not infect most user computers. Instead, they moved within servers, which is harder to detect, Reuters reported.

Symantec did not blame the Chinese government. It said the attack was launched from three computers based in China but noted the computers could have been compromised by someone working outside of China.