Chinese threat actors have been compromising telecom networks for years, investigation finds (Security News, August 2021)
The report, published by Cybereason, said that it found evidence of three different clusters of attacks going back to at least 2017, all perpetrated by groups or individuals connected in some way to the advanced persistent threat groups Soft Cell, Naikon and Group-3390, each of which has operated on behalf of the Chinese government in the past.
Cybereason said it believes the goal of the attacks was to establish continuous access to telecom provider records "and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets such as the billing servers that contain Call Detail Record data, as well as key network components such as the Domain Controllers, Web Servers and Microsoft Exchange servers."
Cybereason said its team started looking into Exchange vulnerabilities immediately after the Hafnium attacks. "During the investigation, three clusters of activity were identified and showed significant connections to known threat actors, all suspected to be operating on behalf of Chinese state interests," the report said.
The three clusters overlap, Cybereason said, but it could not determine the nature of that overlap: "There is not enough information to determine with certainty the nature of this overlap - namely, whether these clusters represent the work of three different threat actors working independently, or whether these clusters represent the work of three different teams operating on behalf of a single threat actor," the report said.
Regardless of their origin, the attackers have been highly adaptive and have actively maintained the backdoors they hold into telecom networks.
"These attacks compromised telcos primarily in ASEAN countries, but the attacks could be replicated against telcos in other regions," the report concluded.