Chinese hackers hijack auth flow, spy on isolated network for a decade
C · BleepingComputer
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key insight
Chinese threat actors have demonstrated the capability to compromise isolated/air-gapped networks undetected for a decade by manipulating authentication mechanisms, raising critical concerns for European manufacturing and critical infrastructure environments.
Description
The report documents a Chinese state-sponsored APT campaign that has conducted surveillance of isolated network infrastructure for over a decade by hijacking the authentication flow. The attackers exploit weaknesses in authentication mechanisms to maintain persistent access to systems that are normally disconnected from the internet. This technique enables prolonged dwell time and data exfiltration without detection by standard security tools. The campaign affects organizations operating critical infrastructure and industrial production systems.
Risk score
- strategic relevance: 0.80
Path: strategic