The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021.<\/p>\n\n\n\n
The threat actors used tools associated with Chinese espionage groups, they planted multiple backdoors on the networks of targeted companies to steal credentials.\u00a0<\/p>\n\n\n\n
“The attacks have been underway since at least 2021, with evidence to suggest that some of this activity may even date as far back as 2020.\u00a0Virtually all of the organizations targeted were telecoms operators, with the addition of a services company that serves the telecoms sector and a university in another Asian country.” reads the report published by Broadcom Symantec Threat Hunter Team.<\/p>\n\n\n\n
Evidence collected by the experts suggests that the cluster activity may have been active since 2020.<\/p>\n\n\n\n
In a recent espionage campaign, the attackers employed custom malware associated with several Chinese APT groups. Some of the malware used by the threat actors are:<\/p>\n\n\n\n
In addition to utilizing custom backdoors. the cyber espionage group also employed a range of tactics, techniques, and procedures (TTPs) to compromise their targets. They deployed custom keylogging malware, port scanning tools, credential theft through the dumping of registry hives, a\u00a0publicly available tool<\/a>\u00a0known as Responder that acts as a\u00a0Link-Local Multicast Name Resolution\u00a0(LLMNR) NetBIOS Name Service (NBT-NS) and multicast DNS (mDNS)\u00a0poisoner, and enabling RDP.\u00a0<\/p>\n\n\n\n
The ultimate motive of the intrusion campaign remains unclear.” <\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, China)<\/strong><\/p>\n\n\n\n