Sustained Campaign Using Chinese Espionage Tools Targets Telcos


Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country in a long-running espionage campaign.

The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials. The attacks have been underway since at least 2021, with evidence to suggest that some of this activity may even date as far back as 2020. Virtually all of the organizations targeted were telecoms operators, with the addition of a services company that serves the telecoms sector and a university in another Asian country.

Read more…
Source: Symantec


Sign up for our Newsletter


Related:

  • The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

    February 12, 2025

    Microsoft is publishing for the first time their research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored ...

  • Funksec Ransomware Teams Up with Another Ransomware Group to Double Down on Targets

    February 3, 2025

    FunkSec is a relatively new but highly active ransomware group that, as of this writing, has targeted several dozen victims across industries like government, banking, communications, and education. In a recent blog post, the group announced a partnership with another ransomware outfit, FSociety, aiming to carry out attacks more efficiently. This week, SonicWall Capture Labs research ...

  • CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

    January 29, 2025

    We identified a cluster of activity that we track as CL-STA-0048. This cluster targeted high-value targets in South Asia, including a telecommunications organization. This activity cluster used rare tools and techniques including the technique we call Hex Staging, in which the attackers deliver payloads in chunks. Their activity also includes exfiltration over DNS using ping, and ...

  • TalkTalk investigating data breach after hacker claims theft of customer data

    January 27, 2025

    U.K. telecoms giant TalkTalk has confirmed that it is investigating a data breach after a hacker claimed to have stolen the personal information of millions of customers. In a post on a popular cybercrime forum seen by TechCrunch, an individual using the alias “b0nd” claimed to have stolen the personal data of more than 18.8 ...

  • FBI Agents’ Call And Text Logs Potentially Stolen In Data Breach

    January 23, 2025

    The FBI has raised alarm that hackers who breached AT&T’s system last year may have stolen months of agents’ call and text logs, which could potentially lead to the identities of anonymous informants connected to investigations. While the hackers did not access the content of conversations, the stolen call log metadata—records of who called whom, when ...

  • US state sues T-Mobile over 2021 data breach which leaked data of millions

    January 7, 2025

    As part of Washington’s lawsuit, the state claims T-Mobile failed to ‘adequately secure sensitive personal information of more than 2 million Washingtonians’. This failure, the state claims, left those consumers vulnerable to fraud and identity theft. The suit claims that the breach was ‘entirely avoidable’ and explains T-Mobile had years to fix key vulnerabilities in its ...