Stealth recon and intrusion
On Wednesday, France’s National Agency for Information Systems Security—abbreviated as ANSSI—warned national businesses and organizations that the group was behind a massive attack campaign that was using hacked routers prior to carrying out reconnaissance and attacks as a means to cover up the intrusions.
“ANSSI is currently handling a large intrusion campaign impacting numerous French entities,” an ANSSI advisory warned. “Attacks are still ongoing and are led by an intrusion set publicly referred to as APT31. It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks.”