A cyber-espionage group historically believed to operate in the interests of the Chinese government is believed to have hacked a UK government contractor, where security researchers found evidence that the attackers stole information related to UK government departments and military technology.
The attackers used never-before-seen tools and old malware, but also employed legitimate apps found on the compromised systems in an attempt to remain undetected for as long as possible.
Security researchers from NCC Group, who investigated the hacks, said they kicked the hackers off the victim’s network once, but the attackers regained access after a couple of weeks and even deployed new malware in an attempt to prolong their stay.
The attackers have been identified by the codename APT15. This codename describes a cyber-espionage outfit whose operations have previously been detailed in reports from other security vendors, who used other names such as Ke3chang, Mirage, Vixen