Symantec has found that a cyber-espionage group called Thrip uses legitimate network administration and operating system tools to evade detection, alongside custom malware, in attacks on defense, satellite communications, geospatial imaging and telecommunications companies in the U.S. and Southeast Asia.
The company said Tuesday that its research team discovered the malicious behavior in January and, using the Symantec-built Targeted Attack Analytics (TAA) platform, linked the attack campaign to machines based in China.
TAA is part of the company's Advanced Threat Protection offering and applies machine learning and artificial intelligence to telemetry data to identify patterns associated with targeted attacks.
“The Thrip group has been working since 2013 and their latest campaign uses standard operating system tools, so targeted organizations won’t notice their presence,” said Symantec CEO Greg Clark.
Clark noted that the group quietly infiltrates networks and can only be detected through the use of AI tools.
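The living-off-the-land pattern the article describes is hard to catch by file signature, because the binaries are legitimate, but it is not invisible: the anomaly sits in who runs the tool, on which host, and from what parent process. The Python below is an added illustration of that baseline-and-deviation approach; it is not Symantec's TAA and not code from the article or from Symantec. The tool names, the suspicious-parent heuristic, the scoring weights and every event record are constructed assumptions, and the page does not attribute any particular tool to Thrip.

```python
"""Baseline-and-deviation scoring for dual-use admin tool execution.

Added example: not Symantec's TAA and not code from the article.
All tool names, weights and events below are constructed assumptions.
"""

# Illustrative dual-use binaries (assumption; the article names no tools).
ADMIN_TOOLS = {"psexec.exe", "net.exe", "wmic.exe", "powershell.exe", "ntdsutil.exe"}

# Parents that should not be spawning admin tooling in a healthy estate
# (assumption: a common hunting heuristic, not something the article states).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

# Constructed baseline: a quiet week of routine administration.
BASELINE = [
    {"host": "admin-ws01", "user": "itops", "image": "psexec.exe", "parent": "cmd.exe"},
    {"host": "admin-ws01", "user": "itops", "image": "wmic.exe", "parent": "cmd.exe"},
    {"host": "admin-ws01", "user": "itops", "image": "net.exe", "parent": "cmd.exe"},
    {"host": "fileserver", "user": "svc_backup", "image": "powershell.exe", "parent": "services.exe"},
]

# Constructed telemetry for today: one routine event, two that deviate.
NEW_EVENTS = [
    {"host": "admin-ws01", "user": "itops", "image": "net.exe", "parent": "cmd.exe"},
    {"host": "eng-laptop07", "user": "jdoe", "image": "psexec.exe", "parent": "powershell.exe"},
    {"host": "eng-laptop07", "user": "jdoe", "image": "powershell.exe", "parent": "winword.exe"},
]


def build_baseline(events):
    """Index which (host, image) and (user, image) pairs were seen in the baseline."""
    seen_host = set()
    seen_user = set()
    for e in events:
        seen_host.add((e["host"], e["image"]))
        seen_user.add((e["user"], e["image"]))
    return seen_host, seen_user


def score_event(event, seen_host, seen_user):
    """Return (score, reasons). Non-admin images score 0; weights are assumptions."""
    reasons = []
    image = event["image"]
    if image not in ADMIN_TOOLS:
        return 0, reasons
    score = 1
    reasons.append("dual-use admin tool")
    if (event["host"], image) not in seen_host:
        score += 2
        reasons.append("never seen on this host")
    if (event["user"], image) not in seen_user:
        score += 1
        reasons.append("never run by this user")
    if event["parent"] in SUSPICIOUS_PARENTS:
        score += 3
        reasons.append("spawned by " + event["parent"])
    return score, reasons


def detect(new_events, baseline=BASELINE, threshold=3):
    """Score each new event against the baseline; return those at or above threshold."""
    seen_host, seen_user = build_baseline(baseline)
    findings = []
    for e in new_events:
        score, reasons = score_event(e, seen_host, seen_user)
        if score >= threshold:
            findings.append({**e, "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in detect(NEW_EVENTS):
        print(finding["host"], finding["image"], finding["score"], "; ".join(finding["reasons"]))
```

Run as is, the routine `net.exe` execution on the admin workstation stays below the threshold, while the two events on the engineering laptop are flagged: the `psexec.exe` run because neither that host nor that user has a history with the tool, and the `powershell.exe` run additionally because its parent is a document viewer. In production the baseline would come from weeks of fleet-wide telemetry rather than four records, the weights would be tuned against the false-positive rate, and the host and user rarity would be expressed as prevalence counts rather than a simple seen/unseen split.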