A suspected Chinese hacking group known as “Flea” was behind a recent campaign of attacks on foreign ministries, according to research published on Wednesday.
(Bloomberg) — A suspected Chinese hacking group known as “Flea” was behind a recent campaign of attacks on foreign ministries, according to research published on Wednesday.
The hacking group, also known as APT15 and Nickel, focused on foreign affairs ministries in the Americas, but also targeted a government finance department and a corporation that sells products in Central and South America, according to researchers at Symantec, part of Broadcom Inc. Symantec didn’t identify the ministries that were hit.
Flea used a new “backdoor,” or a means of accessing a computer system that bypasses security mechanisms, to conduct the attacks, according to Symantec. The group has allegedly used other backdoors in prior attacks.
A representative for the Chinese embassy in Washington didn’t immediately respond to a request for comment.
Flea has been in operation since at least 2004 and in recent years has primarily focused on attacks against government organizations, diplomatic entities and non-governmental targets in order to gain persistent access for intelligence gathering, according to Symantec.
In December 2021, Microsoft Corp. obtained a court order allowing the company to seize websites that it said Flea was using to attack organizations in the US and 28 other countries. Last year, the cybersecurity firm Lookout Inc. linked Flea to a campaign targeting Uyghur-language websites and social media.
Symantec didn’t tie Flea to China or any other nation. However, Microsoft described it as a China-based hacking group, and the cybersecurity firm Mandiant, now part of Google Cloud, says the group is likely associated with China.
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.