France says China state hackers are using compromised routers in massive attack campaign

Photo (c) SEAN GLADWELL - Getty Images

Officials say hackers are targeting organizations through compromised routers

Authorities from France warned Wednesday that Chinese hackers are using hacked home and office routers as part of a large and ongoing attack campaign. 

In an advisory, France’s National Agency for Information Systems Security (ANSSI) said a hacking group known as APT31 (sometimes known as Zirconium or Judgment Panda) is using compromised routers to target French organizations. 

“ANSSI is currently handling a large intrusion campaign impacting numerous French entities,” ANSSI warned. “Attacks are still ongoing and are led by an intrusion set publicly referred to as APT31. It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks.”

The advisory did not specify which organizations were targeted in the campaign, but ANSSI said around 160 IP addresses can be used to indicate whether an organization has been a target. 

More scrutiny over supposed China hacking

France joins other foreign governments in accusing Chinese state-backed hackers of malicious cyber activity. Earlier this week, the U.S. and its allies formally accused China of being responsible for the Microsoft Exchange Server hack that compromised the information of numerous organizations. Beijing denied the hacking charges. 

“The United States ganged up with its allies to make unwarranted accusations against Chinese cybersecurity,” said foreign ministry spokesman, Zhao Lijian. “This was made up out of thin air and confused right and wrong. It is purely a smear and suppression with political motives. China will never accept this.” 

Take an Identity Theft Quiz. Get matched with an Authorized Partner.