Cybersecurity researchers have shared details of a “very sophisticated” and far-reaching campaign against major telecommunications operators carried out by Chinese state-sponsored threat actors.
Discovered by security firm Cybereason, signs of the campaign date back to 2017.
“Based on our analysis, we believe that the goal of the attackers behind these intrusions was to gain and maintain continued access to telecommunications providers and to facilitate cyber espionage by collecting sensitive information, thus compromising large-scale business assets such as billing servers that contain Detailed Call Recording (CDR) data, as well as key network components such as the Domain controllers, Web servers and Microsoft Exchange servers,” the report states.
In its detailed analysis, Cybereason draws similarities between the recent SolarWinds and Kaseya attacks and the campaign against carriers, in that the threat actors initially targeted third-party service providers.
With telecom operators, rather than deploying malware, the attackers exploited their access for surveillance.
Threat to national security
In its analysis, Cybereason notes that in some cases the attackers even used recently reported vulnerabilities in Microsoft’s Exchange servers, similar to the Hafnium attacks. Some even hid their tools in the computer’s Recycle Bin, while another exploited trusted security tools, especially antivirus software.
The report does not specifically name the targeted countries, but points out that the targeted telecom operators are located in ASEAN countries, some of which have publicly known long-term disputes with China.
While the intent of the entire operation seems limited to espionage, Cybereason argues that their access gave attackers the ability to disrupt networks just as easily, threatening national security.
“The attacks are of great concern as they undermine the security of critical infrastructure providers and expose the confidential and proprietary information of public and private organizations that depend on secure communications to conduct their business,” commented Cybereason co-founder and CEO Lior Div.