Germany's domestic intelligence service, the BFV (Bundesamt für Verfassungsschutz), has warned of ongoing attacks organized by the Chinese-backed APT 27 (Advanced Persistent Threat 27) hacking group.

This active campaign is aimed at German commercial organizations, with the attackers backdooring their networks via the HyperBro remote access trojan (RAT).

By acting as an in-memory backdoor with remote administration capabilities, HyperBro enables threat actors to maintain persistence on victims' networks.

Along with stealing trade secrets and intellectual property, the hackers may be attempting to penetrate the networks of customers and service providers in order to infiltrate multiple businesses simultaneously, the BFV stated in a circular to companies.

The BFV noted in its 2019 annual report on constitutional protection that the acronym APT 27 is an alias for a Chinese hacker group known as the "Emissary Panda" that is believed to target foreign embassies and critical sectors.

According to the BFV, the cyberespionage group APT 27 has been active since at least 2010.

The BFV added that the Chinese-based hacking group targets foreign embassies in order to collect information on the government, defense, and technology sectors.

The United States and its allies accused China last year of conducting a global cyber-espionage campaign, an allegation Beijing denies.

In the same year, several European pharmaceutical companies, including Swiss giant Roche, were attacked by what is believed to be a Chinese state-sponsored hacking group called "Blackfly."

The hackers used malware dubbed "Winnti," which was previously used against other European manufacturers such as BASF and Henkel. The analysis of the code used in all of the attacks indicates that they originated in China.

These attacks were carried out in response to previous infiltrations of major pharmaceutical companies. Merck reported in October 2017 that a NotPetya ransomware attack had cost the company more than $300 million in the third quarter alone.

Additionally, in 2021, German pharmaceuticals giant Bayer AG admitted to discovering spyware on its system that had been there since the start of the year.

As with the Roche attack, the intrusion was traced back to Blackfly.

Since March 2021, APT 27 has been exploiting flaws in Zoho ADSelfService Plus software, an enterprise password management solution for Active Directory and cloud applications, according to the German intelligence agency.

This is consistent with previous reports of multiple campaigns targeting Zoho ManageEngine installations in 2021, coordinated by nation-state hackers using tactics and tooling similar to those used by APT 27.

Last year, Microsoft confirmed that a Chinese-based group attempted to steal information from a number of U.S. targets, including infectious-disease researchers, law firms, universities, and non-governmental organizations.