Security News > 2021 > August > China-Linked Cyberespionage Operation Suggests Interest in SCADA Systems
A cyberespionage group that appears to be based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and the attackers may be interested in industrial control systems.
Symantec, a division of Broadcom, reported on Thursday that its threat hunter group had seen attacks launched by a threat actor against four critical infrastructure organizations in an unnamed Southeast Asian country.
IP addresses, the malware used in the attacks, and the nature and location of the victims suggested that all of the four organizations were targeted by the same group.
In the attack aimed at the water company, the attackers gained access to a machine involved in the design of supervisory control and data acquisition systems, which suggests that they may have had an interest in such systems.
These tools enabled the attackers to steal credentials and other information, as well as to move laterally within the targeted network.
"The ability of the attacker to maintain a stealthy presence on the targeted networks for a number of months indicates they were skilled," Symantec said in a blog post.