Chinese APT targets telcos in 5G-related cyber-espionage campaign
A Chinese advanced persistent threat (APT) actor is targeting major telecommunications companies in the US, Europe, and Southeast Asia in a cyber-espionage campaign that appears designed to steal data pertaining to 5G technology.
The campaign — dubbed Operation Diànxùn — is likely motivated by the ban on the use of Chinese technology in 5G rollouts in several countries, McAfee says in a new report. According to the security vendor, the threat actor behind the campaign is using methods associated with Mustang Panda, a group that several security vendors have previously identified as working for the Chinese government.
Data related to Operation Diànxùn shows that victims were lured to a website purporting to be a career page for Huawei — widely regarded as the leader in the 5G space. Several governments, including the US, have barred the use of Huawei’s 5G technology out of fears that it might contain backdoors that enable widespread spying. There’s nothing to indicate that Huawei is in any way connected to the current threat campaign, however, McAfee says.
According to the security vendor, it’s unclear how the attackers initially lured victims to the phishing site. But once victims got there, they were greeted with a webpage that looked very similar to Huawei’s career site. The attackers used the fake website to deliver malware that masqueraded as a Flash application. The site from which the Flash application was downloaded was also carefully designed to look like the official Flash download site in China. Among other things, the malware downloaded the Cobalt Strike attack kit onto compromised systems.
To read the complete article, visit Dark Reading.