APT31 modus operandi attack campaign targeting France
released on 2021-07-22 @ 08:37:02 AM
ANSSI is currently handling a large compromise campaign affecting many French entities. The campaign, which is still in progress and particularly virulent, is carried out using the APT31 modus operandi. Investigations show that this modus operandi compromises routers in order to use them as anonymization relays before carrying out reconnaissance and attack actions. Markers taken from routers compromised by the attacker are therefore provided so that organizations can search for compromises dating back to the beginning of 2021 and add the markers to their detection systems.