FireEye has released new research which sheds light on activity from suspected Chinese cyber espionage group, dubbed TEMP.Periscope, which targets U.S. engineering and maritime industries. In summary:
- Since at least early 2018, FireEye has observed an ongoing wave of intrusions, suspected to be from TEMP.Periscope, targeting engineering and maritime entities, especially those connected to South China Sea issues.
- Active since at least 2013, TEMP.Periscope has primarily focused on maritime-related targets across multiple verticals including engineering firms, shipping and transportation, manufacturing, defense, government offices, and research universities.
- Identified victims were mostly found in the US, although organisations in Europe and at least one in Hong Kong have also been affected.
More details can be found in the report:
Quote:
“FireEye found a group of Chinese cyber-spies that appear to specialize in collecting data on maritime industries, and more broadly, the engineering sector. This group, which we call TEMP.Periscope, had gone quiet like many other Chinese groups after the Obama-Xi agreement in late 2015. FireEye observed TEMP.Periscope resurfacing around the summer of 2017, and the group has been particularly active since this past February. The organizations targeted by TEMP.Periscope have a connection to the ongoing disputes in the South China Sea. They or their customers are involved in military and defense, or the shipping business, or they are developing technologies that would be advantageous to the defense industry or governments in the region. Because of the group’s tendency to target engineering organizations we believe the group is seeking technical data that can help inform strategic decision-making. Hypothetically, this could be used to answer questions like ‘what is the range and effectiveness of this marine radar system?’ or ‘how precisely can a system detect and identify activities at sea?’” — Fred Plan, Senior Analyst at FireEye