Symantec’s Targeted Attack Analytics (TAA) technology employed advanced artificial intelligence (AI) to uncover the campaign, which targeted satellite communications, telecoms, geospatial imaging, and defence specialists in the United States and Southeast Asia.
The AI alerted Symantec’s Attack Investigations Team to activity that appeared innocuous on the surface but set the team on the path to exposing the campaign. Symantec has been investigating Thrip since 2013, and has discovered new tools and techniques used by the group as part of these latest attacks.
“This is likely espionage,” said Symantec CEO Greg Clark. “The Thrip group has been working since 2013 and their latest campaign uses standard operating system tools, so targeted organisations won’t notice their presence. They operate very quietly, blending in to networks, and are only discovered using artificial intelligence that can identify and flag their movements.
“Alarmingly, the group seems keenly interested in telecom, satellite operators, and defence companies. We stand ready to work with appropriate authorities to address this serious threat.”
The targeting of telecoms and satellite operators is worrying, given that attackers could potentially intercept or even alter communications traffic from businesses or consumers. The findings could also intensify privacy concerns, which are already sky-high following implementation of the new GDPR regulations and a raft of VPNFilter attacks on internet routers in recent weeks.
Symantec has responded by opening up a brand new privacy centre and data protection lab, which will provide consumers with greater control over their data and outfit organisations with the tools necessary to help them manage the data they handle more responsibly.