Government agencies and private companies have been warned of an advanced persistent threat (APT) that has been targeting their networks and stealing information for more than five years, according to a warning issued by the FBI in February.

The FBI flash alert — first obtained and dissected by Motherboard — warned agencies and companies of an ongoing hacking campaign that has used various compromised websites and spear-phishing tactics to infiltrate networks as far back as 2011.

Flash Alert: FBI Notice of Advanced Persistent Threat

Citing cybersecurity researchers, Motherboard reporter Lorenzo Franceschi-Bicchierai said the likely culprits are APT6, a hacking group associated with the Chinese government.

While the campaign has been disrupted — the FBI shut down the compromised domains — Franceschi-Bicchierai notes it is unclear what information the hackers might have stolen. One researcher said the malware used was common for APT6 attacks targeting "the U.S. and U.K. defense industrial base."

An FBI spokesperson confirmed the flash alert but declined to add any new details.

"In furtherance of public-private partnerships, the FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations," the spokesperson said. "Much of the information contained in the release on Feb. 12 was already identified by private sector companies, however, the release was important to add credibility and urgency to the private sector announcements and ensure that the message reached all members of the cybersecurity information sharing networks."

The flash alert also provides a list of compromised domains that should be considered suspicious.

These include spoofed news sites, like foxnewslist.com; fake government sites, like milsatcom.us; and even pretend cybersecurity sites, like intelantivirus.com. [Note: Do not go to these sites.]

"Any activity related to these domains detected on a network should be considered an indication of a compromise requiring mitigation and contact with law enforcement," the alert reads.

Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
