Chinese Hackers Breach Asian Telecom for 3 Years

According to a fresh report by Symantec researchers, cyber espionage groups associated with China have been involved in a long campaign aimed at hacking several telecommunication operators in an Asian country since 2021. The company did not specify the exact country that was attacked but stated that the harmful activity included the periodic deployment of backdoors in the networks of target organizations followed by the theft of accounting data.

The tools used in the campaign align with those previously utilized by Chinese cyber spies, including Mustang Panda, Redfoxtrot, and Naikon. Some of these tools include specially designed backdoors like CoolClient, Quickheal, and RainyDay, which are capable of capturing sensitive data and establishing a connection with a C2 server.

While the exact method of initial access to targets is still unknown, the malware is known to utilize tools for scanning ports and stealing accounting data by unloading the contents of the Windows registry. The connection of these tools to three different cybercrime groups has led researchers to consider three possible scenarios: attacks are conducted independently, the same attacker is using tools from different groups, or different groups are collaborating in a single malicious campaign.

Currently, the primary goal of these intrusions remains unclear, but Chinese cyber groups have a history of targeting the telecommunication sector globally. For instance, in November 2023, Kaspersky Laboratory uncovered a campaign using the malicious ShadowPad against a national telecommunication company in Pakistan by exploiting vulnerabilities in Microsoft Exchange Server.

This incident highlighted by Symantec underscores the importance of maintaining constant vigilance and enhancing cybersecurity within the telecommunication sector. The complexity and duration of these attacks demonstrate that modern threats necessitate not only technical solutions but also international cooperation to combat cybercrime effectively. Developing a culture of cybersecurity where every employee understands their role in safeguarding critical infrastructure is crucial.

/Reports, release notes, official announcements.