Chinese hackers target telecom networks
The U.S.-based security firm Cybereason Inc. stated that Chinese hackers conducted a campaign to gain access to the internal systems of telecommunication companies across Southeast Asia. In some cases, they were fortunate enough to exploit vulnerabilities present in Microsoft’s exchange servers.
The hacking groups are state-backed, making attempts since 2017 and getting successful in compromising five companies, stealing location data and phone records, along with getting complete control of the networks.
The cybersecurity technology company founded in 2012, Cybereason, is headquartered in Boston, Massachusetts, with offices in London, UK, Tokyo, Japan, and Tel Aviv, Israel. According to the team, the aim of the attackers was to gain access and collect critical information, in order to compromise high-profile business assets and essential network components.
Lior Div, the CEO of Cybereason, connected the campaign through three attackers, namely Gallium, Naikon APT, and TG-3390. It has been observed that Naikon and Gallium started their activities in 2020, whereas TG-3390 is in this exploitation space since 2017. All these have conveniently made their way to 2021 as well.
It is evident that these threat actors have been persistent and proactive in their approach. They are working on refreshing their tactics and defensive measures to infect and backdoor vulnerable Microsoft Exchange servers through the ProxyLogon exploit.
The researcher further pointed out the attackers’ adaptiveness in mitigating efforts, and altering the tools and techniques, making them more powerful with their approach. The attackers got liberty in accessing important system’s information, stealing of credentials, and diving deep into the network.
The researcher also claimed that there was an overlap among the attacker groups in terms of the tools, target environment, and timeframe. But more is to be known if these actually overlap or these are the acts of three different hackers, or teams working for the same threat actor.
