Threat group abuses cloud services, targets semiconductor companies, airline industry
NCC Group and Fox-IT have been tracking a threat group, Chimera, with a wide set of interests, ranging from intellectual property (IP) belonging to victims in the semiconductor industry to passenger data from the airline industry.
Researchers at Fox-IT say the group regularly abuses cloud services from Google and Microsoft in its intrusions to achieve its goals. NCC Group and Fox-IT observed this threat actor during various incident response engagements performed between October 2019 and April 2020. Their threat intelligence analysts noticed clear overlap in infrastructure and capabilities between the various cases, and as a result they assess with moderate confidence that one group, operating in Chinese interests, was carrying out the intrusions across multiple victims. In open source this actor is referred to as Chimera by CyCraft.