Chinese threat actors compromised Southeast Asian telcos for cyber espionage: Cybereason

The Edge Singapore
The threat actors compromised third parties to reach specific targets and exploited vulnerabilities in Microsoft Exchange servers

Cybersecurity solutions provider Cybereason has revealed that Chinese threat actors were responsible for several previously unidentified cyberattack campaigns infiltrating major telecommunications providers (telcos) across Southeast Asia.

It has identified three distinct clusters of attacks that have evaded detection since at least 2017. The clusters were found to have varying degrees of connection to Advanced Persistent Threat (APT) groups Soft Cell, Naikon and Group-3390 — all known to operate in the interest of the Chinese government.

Cybereason observed overlaps in attacker tactics, techniques, and procedures across the clusters, which indicates a likely connection between the threat actors. This supports the assessment that each group was tasked with parallel objectives in monitoring the communications of specific high-value targets under the direction of a centralised coordinating body aligned with Chinese state interests.

Although the prevailing assessment is that the operations were only intended for espionage purposes, the fact remains that had the attackers decided to change their objectives from espionage to interference, they would have had the ability to disrupt communications for any of the affected telco’s customers.

“The attacks are very concerning because they undermine the security of critical infrastructure providers and expose the confidential and proprietary information of both public and private organisations that depend on secure communications for conducting business,” says Cybereason CEO and co-founder Lior Div.

“These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability,” he adds.

Other key findings from Cybereason’s DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos report include:

  • High-value espionage targets
    Telcos were compromised in order to facilitate espionage against select targets. These targets are likely to include corporations, political figures, government officials, law enforcement agencies, political activists and dissident factions of interest to the Chinese government.
  • Attackers were adaptive, persistent and evasive
    The highly adaptive attackers worked diligently to obscure their activity and maintain persistence on the infected systems. They dynamically responded to mitigation attempts, having evaded security efforts since at least 2017, an indication that the targets are of great value to the attackers.
  • Threat actors compromised third parties to reach specific targets
    Similar to the recent SolarWinds and Kaseya attacks, the threat actors first compromised third-party service providers. However, instead of using them to deliver malware through a supply chain attack, the intent was to leverage them to conduct surveillance of their customers' confidential communications.
  • Microsoft Exchange vulnerabilities exploited
    Similar to the HAFNIUM attacks, the threat actors exploited recently disclosed vulnerabilities in Microsoft Exchange Servers to gain access to the targeted networks. They then proceeded to compromise critical network assets such as Domain Controllers (DC) and billing systems, which contain highly sensitive information like Call Detail Record (CDR) data. This enabled them to access the sensitive communications of anyone using the affected telcos’ services.

Cybereason’s recent report comes on the heels of the Biden administration's public rebuke of China’s Ministry of State Security for the recent HAFNIUM attacks that exploited vulnerabilities in unpatched Microsoft Exchange Servers and put thousands of organisations worldwide at risk.

The exploitation of these same vulnerabilities was central to the success of the attacks detailed in the research.

Photo by Clint Patterson on Unsplash