Three Chinese APT Groups Attack Major Telecommunications Companies
Cybersecurity research team Cybereason Nocturnus has discovered three malicious cyber espionage campaigns aimed at hacking the networks of major telecommunications companies. Presumably, the attacks are carried out in the interests of China.
The malicious campaign, collectively known as DeadRinger, targets companies in Southeast Asia. According to experts, the attacks were orchestrated by three cybercriminal groups (APTs) allegedly linked to the Chinese government. This conclusion is based on a comparison of tactics and methods with other well-known Chinese APTs.
The first cyber operation is allegedly associated with APT Soft Cell. A second operation, called Naikon, was launched in late 2020 and targeted telecommunications companies. As the researchers suggest, Naikon may be associated with the military bureau of the People’s Liberation Army of China (PLA). The third cyber operation was organized in 2017 by APT27 (also known as Emissary Panda). The criminals deployed a backdoor used to compromise Microsoft Exchange servers.
The hackers’ methods included exploiting vulnerabilities in Microsoft Exchange Server, installing the China Chopper web shell, using Mimikatz to steal credentials, and creating Cobalt Strike beacons and backdoors to connect to the C&C server.
In each wave of cyber attacks, the criminals pursued cyber espionage by collecting sensitive information and compromising critical business assets such as billing servers containing Call Detail Record (CDR) data, as well as key network components such as domain controllers, web servers, and Microsoft Exchange servers.
In some cases, groups could simultaneously be in the same compromised environment. However, it is unclear if they worked independently or if they were all under the leadership of a specific group.