The German Federal Office for the Protection of the Constitution issued a warning that Chinese hacking groups APT15 and APT31 are targeting German small and medium-sized enterprises and home networks, using the hacked networks to hide their identities when attacking German national and government institutions.
The agency’s cyber briefing report on Thursday said that the hacking groups successfully breached the German Federal Agency for Cartography and Geodesy (BKG) two years ago. The BKG is responsible for creating detailed maps and assessing satellite imagery. The report outlined how the hacking groups exploit security vulnerabilities to gain control of terminals, networks and devices in homes and small businesses.
The agency advised that companies and individuals should update their security software, take stock of all devices on their networks, replace old equipment that can no longer be updated, and change default passwords on new devices.
The hackers exploit flaws in routers, printers, smart home devices, lights, heaters, solar panels and more, using the hacked hardware to conceal their attacks on German national and political bodies. Once they control these devices, they can launch cyber-attacks against organizations, companies and government institutions while hiding behind private, inconspicuous networks.
Source: Deutsche Welle, September 1, 2023