Companies based in the United States and Southeast Asia were breached by a hacking operation originating in China, Symantec reported. The affected companies were mainly telecommunications firms, satellite operators, and defense contractors.
Though the researchers at the companies could not find which communications, if any at all, were taken, they deduced that the hackers infected computers that controlled satellites in order to affect data traffic and interfere with the positioning of orbiting devices.
Symantec officials claim that the actions appeared to serve national espionage, by intercepting military and civilian communications. Vikram Thakur, technical director at Symantec, said that disruption of satellites has substantial adverse impacts on civilian and military installations. This reflects satellites' significant contribution to positioning and mapping systems, as well as to some internet links used on cellular devices.
California-based Symantec informed Reuters about the incident ahead of a public release and said that the hackers had been removed from the infected systems.
Symantec has already shared all technical information regarding the hack with the U.S. Federal Bureau of Investigation and Department of Homeland Security, and with public defense departments in Asia. However, the FBI did not respond with any comments after a request from Symantec.
Thakur explained how Symantec detected unusual activity in common software at client sites in January, after which it investigated the issue. He claimed that the group responsible for the mishap, named Thrip, had been active from 2013 but disappeared from the radar afterward. Many such instances have taken place, such as FireEye claiming that a group it called Temp.Periscope infected defense companies and shippers last summer.
But it is still unknown how Thrip got into the latest software and systems.
The malicious activity became harder to detect on computing devices as it moved across various servers, unlike earlier cases in which infected emails or attachments led users to malicious links, which was much more straightforward to detect.
Though the operation originated in China, Symantec made it clear that it does not blame the Chinese government for any part of the incident. Further, it said the activity started from three computers on the mainland. It is believed that the computers may have been obtained by someone elsewhere.
Symantec provides some of the most famous paid security software around the globe, including a plethora of exclusive software and services for companies and public departments and agencies.