A China-based cyberespionage group may be targeting United States engineering and maritime industries tied up in activities centering on the South China Sea.
The group, called TEMP.Periscope or Leviathan, has been active since at least 2013. The latest wave of attacks started at the beginning of 2018 and is described as a ‘sharp escalation’ of activity since 2017.
“FireEye found a group of Chinese cyber-spies that appear to specialize in collecting data on maritime industries, and more broadly, the engineering sector. This group, which we call TEMP.Periscope, had gone quiet like many other Chinese groups after the Obama-Xi agreement in late 2015,” explains FireEye senior analyst Fred Plan.
The attacks have used malware often shared with other China-based cybercrime groups to attack targets including those involved in the maritime and engineering sectors. Other targeted industries include research institutes, academic organizations and private firms in the United States.
Attacks have also focused on targets in Europe and at least one in Hong Kong, FireEye believes.
The group also uses a number of other tactics to infiltrate targets:
FireEye says that the attacks are likely the result of the group’s plans to collect information that could provide an economic advantage, intellectual property, an edge in commercial negotiations or research and development data.
“Because of the group’s tendency to target engineering organizations we believe the group is seeking technical data that can help inform strategic decision-making. Hypothetically, this could be used to answer questions like ‘what is the range and effectiveness of this marine radar system?’ or ‘how precisely can a system detect and identify activities at sea?’” Plan concludes.