Chinese Hackers Target Major Southeast Asian Telecom Companies

Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017.

“The goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunication providers and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets such as the billing servers that contain Call Detail Record (CDR) data, as well as key network components such as the Domain Controllers, Web Servers and Microsoft Exchange servers,” Cybereason’s Lior Rochberger, Tom Fakterman, Daniel Frank, and Assaf Dahan revealed in a technical analysis published Tuesday.

Stack Overflow Teams

The Boston-based cybersecurity firm linked the campaigns to three different Chinese threat actors, namely Gallium (aka Soft Cell), Naikon APT (aka APT30 or Lotus Panda), and TG-3390 (aka APT27 or Emissary Panda).

The activity surrounding the latter of the three clusters started in 2017, while Gallium-related attacks were first observed in Q4 2020, with the Naikon group jumping on the…

Have a comment? Type it below!