Three Chinese APT Groups Attack Major Telecommunications Companies

Cybersecurity research team Cybereason Nocturnus discovered three malicious cyber espionage campaigns, as three Chinese APT groups attacked the networks of major telecommunications companies.

According to experts, the attacks were organized by three cybercriminal groups (APTs) allegedly linked to the Chinese government. This conclusion is made based on a comparison of tactics and methods with other well-known Chinese APTs.

The first cyber operation is believed to be related to APT Soft Cell. A second operation called Naikon, launched in late 2020, targeted telecommunications companies. According to the researchers, Naikon may be associated with the military bureau of the People’s Liberation Army of China (PLA). The third cyber operation was organized in 2017 by APT27 (also known as Emissary Panda). The criminals used a backdoor to compromise Microsoft Exchange servers.

The hackers’ methods included exploiting vulnerabilities in Microsoft Exchange Server, installing the China Chopper web shell, using Mimikatz to steal credentials, creating Cobalt Strike beacons and backdoors to connect to the C&C server.

In each wave of cyberattacks, criminals have targeted cyber espionage by collecting sensitive information, compromising critical business assets such as billing servers containing Call Detail Record (CDR) data, and key network components such as domain controllers, web servers, and servers. Microsoft Exchange.

In some cases, groups could simultaneously be in the same compromised environment. However, it is unclear if they worked independently or were all under the leadership of a specific group or coordinating headquarter from the government.

Let me remind you that we also talked about how Chinese hackers use a new backdoor to spy on the country’s government from Southeast Asia.