Researchers discover espionage group from China hiding in plain sight
Symantec researchers announced the discovery of a new espionage group they nicknamed Thrip in a blog post Tuesday afternoon.
The details: Thrip's operations appear to be launched from systems in China and target satellite communications, geospatial imaging systems, military and telecoms in the U.S. and Asia.
- Thrip has been active since at least 2013.
- The group initially used custom malware but adjusted to a technique known as "living off the land" — using common free tools with legitimate uses that do not draw suspicion. It still uses several pieces of custom malware against high-priority systems.
- Symantec is crediting an artificial intelligence threat-tracking system for discovering Thrip — it flagged an irregular use of one of these tools.
Correction: This post originally reported the group's nickname, incorrectly, as "Thirp."