‘State hackers use consumer router network for attacks in France’
Hacker group APT31 uses a network of home users' routers to launch attacks against French entities. The French national agency for IT security is warning about this. Almost all of the routers are located outside the EU.
The French agency Anssi says that a "major intrusion campaign" is now underway, targeting French entities. The attacks are still ongoing and are led by APT31. This is a group of hackers that, according to cybersecurity companies like FireEye, is affiliated with the Chinese government.
According to Anssi, APT31 uses the compromised consumer routers as operational relay boxes to conduct reconnaissance and attacks unnoticed. Anssi is therefore sharing indicators of compromise so that people can recognize whether routers are compromised. The shared indicators include IP addresses.
Security researcher BushidoToken says on Twitter to have looked at those 161 IP addresses; according to that analysis, more than a third come from Russia. Almost twenty percent are reportedly Egyptian IP addresses. There are reportedly also many Moroccan and Thai IP addresses, as well as many addresses from the United Arab Emirates. A single address reportedly comes from the Benelux.