Jun 19, 2018

Researchers discover espionage group from China hiding in plain sight


Symantec researchers announced the discovery of a new espionage group they nicknamed Thrip in a blog post Tuesday afternoon.

The details: Thrip's attacks appear to be launched from systems in China and target satellite communications, geospatial imaging systems, military and telecoms in the U.S. and Asia.

  • Thrip has been active since at least 2013.
  • The group initially used custom malware but adjusted to a technique known as "living off the land" — using common free tools with legitimate uses that do not draw suspicion. It still uses several pieces of custom malware against high-priority systems.
  • Symantec is crediting an artificial intelligence threat-tracking system for discovering Thrip — it flagged an irregular use of one of these tools.

Correction: This post originally reported the group's nickname, incorrectly, as "Thirp."
