FireEye, a leading cybersecurity company, released new research on Friday shedding light on activity from suspected Chinese cyber espionage group, dubbed TEMP.Periscope, targeting U.S. engineering and maritime industries.
Since at least early 2018, FireEye has observed an ongoing wave of intrusions suspected to be from TEMP.Periscope, the company said. These intrusions have primarily targeted engineering and maritime entities, especially those connected to South China Sea issues.
TEMP.Periscope, which has been active since at least 2013, has primarily focused on maritime-related targets across multiple verticals including engineering firms, shipping and transportation, manufacturing, defense, government offices, and research universities.
Identified victims were mostly found in the United States, although organizations in Europe and at least one in Hong Kong have also been affected.
According to FireEye, TEMP.Periscope had gone quiet just like many other Chinese groups after the Obama-Xi agreement in late 2015. However, the group was observed resurfacing in the summer of 2017, and it has been particularly active since this past February.
“The organizations targeted by TEMP.Periscope have a connection to the ongoing disputes in the South China Sea,” said Fred Plan, Senior Analyst at FireEye. “They or their customers are involved in military and defense, or the shipping business, or they are developing technologies that would be advantageous to the defense industry or governments in the region. Because of the group’s tendency to target engineering organizations we believe the group is seeking technical data that can help inform strategic decision-making. Hypothetically, this could be used to answer questions like ‘what is the range and effectiveness of this marine radar system?’ or ‘how precisely can a system detect and identify activities at sea?’”
You can find more of FireEye’s research here.