Cybersecurity firm blames China for attacks on Asian telcos

News Analysis Ken Wieland, contributing editor 8/3/2021

Cybereason, a cybersecurity firm, has pinned the blame on China-backed threat actors for a series of "pervasive attacks" on some of the largest telcos in Southeast Asia. Because of their activities, says Cybereason, China has been able to conduct cyber espionage against "designated high-profile targets."

The cybersecurity firm further warns that the attackers have access to (and control of) various networks. If they wanted, reckoned Cybereason, China could shut down telecom services to specific people or companies. Some of the attacks have apparently been going on since at least 2017.

"The attacks are very concerning because they undermine the security of critical infrastructure providers and expose the confidential and proprietary information of both public and private organizations that depend on secure communications for conducting business," said Cybereason CEO and Co-Founder Lior Div.

Spider to the fly: China could shut down telecom services to specific people or companies, says Cybereason. (Source: Gerd Altmann from Pixabay)

"These state-sponsored espionage operations not only negatively impact the telcos' customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region's stability."

Named and shamed

The alarming findings were laid out in a new Cybereason report published today, entitled DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos. Following the disclosure of Hafnium attacks targeting Microsoft Exchange vulnerabilities, the "Cybereason Nocturnus" team "proactively hunted" for various threat actors trying to leverage similar techniques.

The team turned its attention to three clusters of intrusions they detected targeting the telecoms industry across Southeast Asia, each of which “showed significant connections” to prominent Advanced Persistent Threat groups aligned with the interests of the Chinese government.

Cybereason determined that "cluster A" was operated by Soft Cell, an activity group in operation since 2012 that had previously attacked telcos in multiple regions, including Southeast Asia, and which was first discovered by Cybereason in 2019.

"We assess with a high level of confidence that the Soft Cell activity group is operating in the interest of China," said the report. "The activity around this cluster started in 2018 and continued through Q1 2021."

"Cluster B" was assessed by Cybereason to be operated by the Naikon APT threat actor, "a highly active cyber espionage group in operation since 2010 which mainly targets ASEAN countries."

Cyber espionage

The Naikon APT group was previously attributed to the Chinese People's Liberation Army's (PLA) Chengdu Military Region Second Technical Reconnaissance Bureau (Military Unit Cover Designator 78020). The activity around this cluster was first observed in Q4 2020, according to the Cybereason Nocturnus team, and continued through Q1 2021.

"Cluster C," dubbed a "mini-cluster," was found to be characterized by a unique OWA [Outlook Web Application] backdoor that was deployed across multiple Microsoft Exchange and IIS servers.


Cybereason's analysis of the backdoor showed "significant code similarities" with a previously documented backdoor used in the operation dubbed Iron Tiger, which was attributed to a Chinese threat actor tracked by various researchers as Group-3390. Activity around this cluster was observed between 2017 and Q1 2021.

Based on its analysis of cluster activity, the report's authors starkly conclude that the goal of the attackers behind these intrusions was to "gain and maintain continuous access to telecommunication providers and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets, such as the billing servers that contain call detail record data, as well as key network components, such as the domain controllers, web servers and Microsoft Exchange servers."

— Ken Wieland, contributing editor, special to Light Reading
