Chinese Cyber Spies Target Asian Telecoms

Chinese Cyber Espionage Compromises Telecom Operators in Asia

Summary:

Date: June 20, 2024
Author: Newsroom
Tags: Cyber Espionage, Critical Infrastructure
Article Overview:
Chinese cyber espionage groups have been linked to a prolonged campaign targeting multiple telecom operators in an unspecified Asian country since at least 2021. The Symantec Threat Hunter Team reported that attackers infiltrated networks, planted backdoors, and attempted credential theft. Evidence suggests the activity may have begun as early as 2020.
Key Points:

  • Targets: Telecom operators, a services company in the telecom sector, and a university in another Asian country.
  • Tools Used: Custom backdoors named COOLCLIENT, QuickHeal, and RainyDay, capable of data capture and C2 server communication.
  • Techniques: Port scanning, credential theft via Windows Registry hives.
  • Possible Actors: Chinese groups such as Mustang Panda, RedFoxtrot, and Naikon.
  • Motives: Intelligence gathering, eavesdropping, or disrupting critical infrastructure.
Context:
In November 2023, a similar attack using ShadowPad malware targeted a Pakistani national telecom company by exploiting Microsoft Exchange Server vulnerabilities.
Uncertainties:

  • The initial access method remains unknown.
  • The exact motive behind the intrusions is unclear.
