A hacking group with apparent ties to China is targeting airlines and semiconductor firms to steal intellectual property and personal data in repeated exfiltration efforts, according to NCC Group and its Fox-IT subsidiary.
The threat group, previously dubbed "Chimera," appears to have been most active between October 2019 and April 2020 but is likely still waging campaigns, NCC Group says. And the attackers might still be lurking within compromised networks "looking for the most recent crown jewels," it adds.
A 2020 report published by CyCraft noted that Chimera likely has ties to China.
The NCC Group report notes: "Our threat intelligence analysts noticed clear overlap between the various cases in infrastructure and capabilities, and as a result, we assess with moderate confidence that one group was carrying out the intrusions across multiple victims operating in Chinese interests."
The hacking operations "cut across geographical locations," NCC Group adds.
For airlines, the hackers target passenger name records and other information that can be used to track individuals' movements.