Chinese Military Hackers Launch Triple Cyberattack on Major Telecom Carriers
https://news.softpedia.com/news/chinese-...3652.shtml
3 military-backed hacking groups are behind the attacks
Aug 3, 2021 17:28 GMT · By George Dascalu
Chinese Military Hackers Targeting Telecom Carriers
Emissary Panda (APT27), Naikon, and Soft Cell are the organizations that carried out various hacking activities on the same telecom carriers in Southeast Asia at the same time, according to Cybereason.

Recent cyberattacks conducted by the Hafnium cybercriminal gang used vulnerabilities in unpatched Microsoft Exchange servers, and the same bugs were used in this particular situation. Threat actors gained access to target networks by exploiting vulnerabilities in Microsoft Exchange Server that had previously been published.

Once compromised, the hackers gained access to the sensitive information contained in key network resources such as Domain Controllers (DC), high-level corporate resources such as billing servers that contain call detail record data (CDR), as well as key network components such as telecom carriers' billing servers.

The Cybereason Nocturnus team noted an interesting overlap between the three clusters. The attacks occurred in some cases in the same target environment, in the same period, and even on the same endpoints. Currently, there is insufficient information to determine whether they are distinct threat actors or just different teams working for a single threat actor.

The following conclusions were reached by the researchers:
All three groups involved in the attacks, Soft Cell, Naikon, and Group-3390, are linked to APT (Advanced Persistent Threat) actors. The many overlapping TTPs observed in the clusters indicate the likelihood that all actors are working toward the single goal of monitoring the communications of high-level targets, aligned with the goals of the Chinese state. Cybereason concluded that the telecommunications companies were infiltrated to enable espionage against specific targets that are likely to be law enforcement agencies, politicians, corporations, government officials, and other organizations.

After their activity was undermined, the extremely adaptive attackers changed tactics to continuously disguise their activities and maintain themselves on infected systems, dynamically responding to efforts to disarm them after they already evaded security measures.