Chinese Hackers Target Major Southeast Asian Telecom Companies
2021-08-04 01:54

Three distinct clusters of malicious activity operating on behalf of Chinese state interests have staged a series of attacks since 2017 against networks belonging to at least five major telecommunications companies located in Southeast Asian countries.

The Boston-based cybersecurity firm linked the campaigns to three different Chinese threat actors, namely Gallium, Naikon APT, and TG-3390.

The activity surrounding the last of the three clusters started in 2017, while Gallium-related attacks were first observed in Q4 2020, with the Naikon group jumping on the exploitation bandwagon last in Q4 2020.

The Emissary Panda cluster is the oldest of the three, primarily involving the deployment of a custom.

Also of note is the overlap among the clusters in terms of the victimology and the use of generic tools like Mimikatz, with the three groups detected in the same target environment, around the same timeframe, and even on the same systems.

"A second hypothesis is that there are two or more Chinese threat actors with different agendas / tasks that are aware of each other's work and potentially even working in tandem."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/hlWcTvbAJ5Y/chinese-hackers-target-major-southeast.html