Security News > 2021 > August > Research finds cyber-snoops working for 'Chinese state interests' lurking in SE Asian telco networks since 2017

Research finds cyber-snoops working for 'Chinese state interests' lurking in SE Asian telco networks since 2017
2021-08-03 04:01

Attack protection specialist Cybereason has fingered threat actors working on behalf of "Chinese state interests" as being behind attacks on telcos operating in Southeast Asia - with some having been prowling the penetrated networks for information on high-value targets since 2017.

"Telcos are a prime target for nation-state espionage programs for various reasons, among them, the ability to collect information about the telco's subscribers," Assaf Dahan, senior director and head of threat research at Cybereason, told.

"We identified hundreds of gigabytes of data exfiltrated from the environment during our investigation. The threat actors were after high value targets, including business leaders, government officials, politicians, political activists, law enforcement officials, human rights activists, and anyone the Chinese government feels is of interest."

"First, the groups involved in these intrusions are considered top-tier APT groups, known for their sophistication, advanced techniques, and stealth. One of their main goals was to maintain access inside the telcos' networks and to remain under-the-radar for as long as possible and the APT groups invest heavily in efforts to cover their tracks."

The report found three groups involved the attacks, described as having "Significant connections to known threat actors, all suspected to be operating on behalf of Chinese state interests": Soft Cell, "Operating in the interest of China"; the Naikon APT group, "Previously attributed to the Chinese People's Liberation Army's Chengdu Military Region Second Technical Reconnaissance Bureau"; and a smaller third group which may be linked to a threat actor dubbed Group-3390, also known as Emissary Panda.

While Cybereason's research focused on telcos in Southeast Asia, Dahan told us that the same APT groups are responsible for known attacks on multiple industries, including telecommunications, worldwide - and advised on how potential targets should be protecting themselves.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/03/cybereason_deadringer/