A suspected Chinese hacking group known as “Flea” was behind a recent campaign of attacks on foreign ministries, according to research published on Wednesday.
The hacking group, also known as APT15 and Nickel, focused on foreign affairs ministries in the Americas, but also targeted a government finance department and a corporation that sells products in Central and South America, according to researchers at Symantec, part of Broadcom Inc. Symantec didn’t identify the ministries that were hit.
Flea used a new “backdoor,” or a means of accessing a computer system that bypasses security mechanisms, to conduct the attacks, according to Symantec. The group has allegedly used other backdoors in prior attacks.
A representative for the Chinese embassy in Washington didn’t immediately respond to a request for comment.
Flea has been in operation since at least 2004 and in recent years has primarily focused on attacks against government organizations, diplomatic entities and non-governmental targets in order to gain persistent access for intelligence gathering, according to Symantec.
In December 2021, Microsoft Corp. obtained a court order allowing the company to seize websites that it said Flea was using to attack organizations in the US and 28 other countries. Last year, the cybersecurity firm Lookout Inc. linked Flea to a campaign targeting Uyghur-language websites and social media.
Symantec didn’t tie Flea to China or any other nation. However, Microsoft described it as a China-based hacking group, and the cybersecurity firm Mandiant, now part of Google Cloud, says the group is likely associated with China.