{"id":37397,"date":"2020-09-29T14:40:57","date_gmt":"2020-09-29T14:40:57","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31617\/These-Hackers-Spent-Months-Hiding-Out-In-Company-Networks-Undetected.html"},"modified":"2020-09-29T14:40:57","modified_gmt":"2020-09-29T14:40:57","slug":"these-hackers-spent-months-hiding-out-in-company-networks-undetected","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/","title":{"rendered":"These Hackers Spent Months Hiding Out In Company Networks Undetected"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/r\/2018\/03\/29\/551620b5-d38b-493b-959f-9249bf2ae87c\/thumbnail\/770x578\/7210f5021b6da4ad89b00b40ad98f87d\/hacker-keyboard.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A cyber espionage campaign is using new malware to infiltrate targets around the world including organisations in media, finance, construction and engineering.<\/p>\n<p>Detailed by <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/palmerworm-blacktech-espionage-apt\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">cybersecurity company Symantec<\/a>, the attacks against organisations in the US, Japan, Taiwan and China are being conduced with the aim of stealing information and have been linked to an espionage group known as Palmerworm \u2013 aka BlackTech \u2013 which has a history of campaigns going back to 2013.<\/p>\n<p>The addition of an US target to this campaign suggests the group is expanding campaigns to embrace a wider, more geographically diverse set of targets in their quest to steal information &#8211; although the full motivations remain unclear.<\/p>\n<p>In some cases, Palmerworm maintained a presence on compromised networks for a year or more, often with <a href=\"https:\/\/www.zdnet.com\/article\/new-state-backed-espionage-campaign-targets-military-and-government-using-freely-available-hacking\/\">the aid of &#8216;living-off-the-land&#8217; tactics<\/a> which take advantage legitimate software and tools so as to not raise suspicion that something might be wrong \u2013 and also thus creating less evidence which can be used to trace the origin of the attack.<\/p>\n<p>Researchers haven&#8217;t been able to determine how hackers gain access to the network in this latest round of Palmerworm attacks, but previous campaigns have deployed <a href=\"https:\/\/www.zdnet.com\/article\/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more\/\">spear-phishing emails<\/a> to compromise victims.<\/p>\n<p><strong><strong>SEE<\/strong><\/strong>:&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/cybercrime-and-cyberwar-a-spotters-guide-to-the-groups-that-are-out-to-get-you\/\"><strong><strong>Cybercrime and cyberwar: A spotter&#8217;s guide to the groups that are out to get you<\/strong><\/strong><\/a><\/p>\n<p>However, it&#8217;s known that deployment of the malware uses custom loaders and network reconnaissance tools similar to previous Palmerworm campaigns, leaving researchers &#8220;reasonably confident&#8221; it&#8217;s the same group behind these attacks.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\"> <\/section>\n<p>Palmerworm&#8217;s malware also uses stolen code-signing certificates in the payloads in order to make them look more legitimate and more difficult for security software to detect. This tactic is also known to have been previously deployed by the group.<\/p>\n<p>The <a href=\"https:\/\/www.zdnet.com\/article\/trojan-malware-the-hidden-cyber-threat-to-your-pc\/\">trojan malware<\/a> provides attackers with a secret backdoor into the network and that access is maintained with the use of several legitimate tools including PSExec and SNScan which are exploited to move around the network undetected. Meanwhile, WinRar is used to compress files, making them easier for the attackers to extract from the network.<\/p>\n<p>&#8220;The group is savvy enough to move with the times and follow the trend of using publicly available tools where they can in order to minimise the risk of discovery and attribution,&#8221; said Dick O&#8217;Brien principal on the threat hunter team at Symantec. &#8220;Like many state sponsored attackers, they seem to be minimising the use of custom malware, deploying it only when necessary&#8221;.<\/p>\n<p>Organisations Symantec have identified as victims of Palmerworm include a media company and a finance company in Taiwan, a construction firm in China and a company in the US; in each case attackers spent months secretly accessing the compromised networks. Shorter compromises of just a few days were detected on the networks of an electronics company in Taiwan and an engineering company in Japan.<\/p>\n<p><strong>SEE:&nbsp;<\/strong><a href=\"https:\/\/www.techrepublic.com\/resource-library\/downloads\/security-awareness-and-training-policy\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\"><strong>Security Awareness and Training policy<\/strong><\/a><strong>&nbsp;(TechRepublic Premium)<\/strong>&nbsp; &nbsp;&nbsp;<\/p>\n<p>Symantec haven&#8217;t attributed Palmerworm to any particular group, but Taiwanese officials have previously claimed that <a href=\"https:\/\/www.reuters.com\/article\/us-taiwan-cyber-china\/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">the attacks can be linked back to China<\/a>. If that is the case, it suggests that Chinese hackers have targeted a Chinese company as part of the campaign \u2013 although researchers wouldn&#8217;t be drawn on the potential implications of this.<\/p>\n<p>However, what is certain is that whoever Palmerworm is working on behalf of, the group is unlikely to have ceased operations and will remain a threat.<\/p>\n<p>&#8220;Give how recent some of the activity is, we consider them still active. The level of retooling we&#8217;ve seen, with four new pieces of custom malware, is significant and suggests a group with a busy agenda,&#8221; said O&#8217;Brien.<\/p>\n<p>While the nature of advanced hacking campaigns means they can be difficult to identify and defend against, organisations can go a long way to protecting themselves <a href=\"https:\/\/www.zdnet.com\/article\/the-key-to-stopping-cyberattacks-understanding-your-own-systems-before-the-hackers-strike\/\">by having a clear view of their network<\/a> and knowledge of what usual and unusual activity looks like \u2013 and blocking suspicious activity if necessary.<\/p>\n<p>&#8220;Most espionage type attacks are not a single event. They are a long chain of events where the attackers use one tool to perform one task, another tool to perform the next task, and then hop from one computer to another and so on,&#8221; said O&#8217;Brien <\/p>\n<p>&#8220;There are lots of steps the attacker has to take to get to where they want to go and do whatever they want to do. Each individual step is an opportunity for it to be detected, disrupted and even blocked. And what you&#8217;d hope is that, if they aren&#8217;t detected during one step in that chain, they will be detected in the next,&#8221; he added.<\/p>\n<p><strong>READ MORE ON CYBERSECURITY<\/strong><\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31617\/These-Hackers-Spent-Months-Hiding-Out-In-Company-Networks-Undetected.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":37398,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[2034],"class_list":["post-37397","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentdata-losscyberwar"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>These Hackers Spent Months Hiding Out In Company Networks Undetected 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"These Hackers Spent Months Hiding Out In Company Networks Undetected 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-29T14:40:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"These Hackers Spent Months Hiding Out In Company Networks Undetected\",\"datePublished\":\"2020-09-29T14:40:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/\"},\"wordCount\":785,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg\",\"keywords\":[\"headline,hacker,government,data loss,cyberwar\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/\",\"name\":\"These Hackers Spent Months Hiding Out In Company Networks Undetected 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg\",\"datePublished\":\"2020-09-29T14:40:57+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,data loss,cyberwar\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentdata-losscyberwar\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"These Hackers Spent Months Hiding Out In Company Networks Undetected\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"These Hackers Spent Months Hiding Out In Company Networks Undetected 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/","og_locale":"en_US","og_type":"article","og_title":"These Hackers Spent Months Hiding Out In Company Networks Undetected 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-09-29T14:40:57+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"These Hackers Spent Months Hiding Out In Company Networks Undetected","datePublished":"2020-09-29T14:40:57+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/"},"wordCount":785,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg","keywords":["headline,hacker,government,data loss,cyberwar"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/","url":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/","name":"These Hackers Spent Months Hiding Out In Company Networks Undetected 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg","datePublished":"2020-09-29T14:40:57+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/these-hackers-spent-months-hiding-out-in-company-networks-undetected.jpg","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/these-hackers-spent-months-hiding-out-in-company-networks-undetected\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,data loss,cyberwar","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentdata-losscyberwar\/"},{"@type":"ListItem","position":3,"name":"These Hackers Spent Months Hiding Out In Company Networks Undetected"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=37397"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37397\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/37398"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=37397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=37397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=37397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}