[TheRecord] Five Southeast Asian telcos hacked by three different Chinese espionage groups

At least five major telecommunication providers from Southeast Asia have been hacked over the past few years by different Chinese cyber-espionage groups.

“These are global telcos with tens of millions of customers,” Assaf Dahan, Senior Director and Head of Threat Research at security firm Cybereason, told The Record this week.

“Based on our analysis, we assess that the goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunication providers and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets such as the billing servers that contain Call Detail Record (CDR) data, as well as key network components such as the Domain Controllers, Web Servers and Microsoft Exchange servers,” Dahan added.

In a report published earlier today, Cybereason linked the intrusions to three clusters of activity corresponding to three different Chinese threat actors:

Gallium (Soft Cell)
Naikon APT
TG-3390 (APT27, Emissary Panda)

Image: Cybereason

The three groups used different techniques to breach the same telcos, and some remained active in the victims’ networks for years, with some of the earliest intrusions dating back to 2017.

However, Cybereason also said that despite all three groups having a degree of connection to Chinese espionage efforts, the three did not appear to collaborate.

“We haven’t observed a direct interaction between the clusters,” Dahan told The Record.

“It’s the million-dollar question. It can be very tempting to say that they are all connected and treat it as one big attack. However, based on our telemetry, we did not observe a ‘smoking gun’ type of direct connection among the three clusters,” the Cybereason exec told us.

“It doesn’t mean that they’re not connected. The truth is that we simply don’t know. One of the reasons why we chose to share our findings with the community is the hope that, over time, perhaps new information will shed light on this interesting overlap.”

In addition, sharing this research and attached indicators of compromise will also help unearth additional victims.

While Dahan said Cybereason linked the three groups to intrusions at five Southeast Asian telcos, the same three groups were also known to carry out operations in other geographical areas.

“There are likely other telcos compromised,” Dahan said.

The post Five Southeast Asian telcos hacked by three different Chinese espionage groups appeared first on The Record by Recorded Future.
