A prolonged cyber espionage campaign linked to Chinese threat actors has infiltrated several telecom operators in an unnamed Asian country since at least 2021. According to a report from the Symantec Threat Hunter Team, part of Broadcom, the attackers have placed backdoors in the networks of targeted companies and attempted to steal credentials. The cybersecurity firm suggests the malicious activity may have begun as early as 2020.
Key Points of the Campaign
Attack Techniques: The campaign involved port scanning tools and credential theft through the dumping of Windows Registry hives. The exact initial access pathway used to breach the targets remains unknown.
Overlap with Other Groups: The tools used in this campaign overlap with those employed by known Chinese espionage groups such as Mustang Panda, RedFoxtrot, and Naikon. This leaves several possibilities: the attacks are being conducted independently of one another, by a single threat actor using tools from other groups, or by diverse actors collaborating on a single campaign.
The primary motive behind these intrusions is unclear. However, Chinese threat actors have a history of targeting the telecom sector globally. Symantec postulates that the attackers may have been gathering intelligence on the telecom sector or attempting to build a disruptive capability against critical infrastructure. Eavesdropping is another potential motive.
In November 2023, Kaspersky revealed a ShadowPad malware campaign targeting a national telecom company in Pakistan by exploiting known security flaws in Microsoft Exchange Server (CVE-2021-26855, aka ProxyLogon). This indicates a broader strategy of targeting telecom infrastructures in different countries.
The persistence and sophistication of this campaign highlight the ongoing threat posed by state-sponsored cyber espionage groups. It underscores the critical need for enhanced cybersecurity measures and vigilance among telecom operators and other critical infrastructure sectors.