Jun 19, 2018

Researchers discover espionage group from China hiding in plain sight

Joe Uchill

A stylized map of the globe with network lines connecting continents — Photo: KTS Design/Science Photo Library via Getty Images

Symantec researchers announced the discovery of a new espionage group they nicknamed Thrip in a blog post Tuesday afternoon.

The details: Thrip appears to be launched from systems in China and targets satellite communications, geospatial imaging systems, military and telecoms in the U.S. and Asia.

Thrip has been active since at least 2013.
The group initially used custom malware but adjusted to a technique known as "living off the land" — using common free tools with legitimate uses that do not draw suspicion. It still uses several pieces of custom malware against high priority systems.
Symantec is crediting an artificial intelligence threat-tracking system for discovering Thrip — it flagged an irregular use of one of these tools.

Correction: This post originally reported the group's nickname, incorrectly, as "Thirp."

Add Axios on Google

Researchers discover espionage group from China hiding in plain sight

What to read next