China-Linked Espionage Targets Asian Telecoms Amid Rising Cyber Threats

Lilu Anderson

Cyber-Espionage Groups from China Target Asian Telecoms

The Asia-Pacific region is grappling with rising cyberattacks, especially on telecom companies. Three cyber-espionage groups have infiltrated telecom operators in multiple countries, planting backdoors, stealing credentials, and using custom malware to control and compromise other systems. This information comes from two cybersecurity firms' reports released last week.

Who Are the Attackers?

Three China-linked groups, Fireant, Needleminer, and Firefly, have been identified as the culprits. Known under aliases such as Mustang Panda, Nomad Panda, and Naikon, these groups have a history of widespread attacks in the region. They compromised telecom companies in at least two Asian nations, according to Broadcom's Symantec cybersecurity division.

Why Target Telecoms?

Telecommunications companies are an attractive target because they are a hub for internet traffic. Dick O'Brien, principal threat intelligence analyst for Symantec, explains:

"There's the potential for eavesdropping and surveillance but also, because telecoms is critical infrastructure, you could create significant disruption in your target country."

Global Concern Over Increasing Cyberattacks

Senior U.S. officials recently warned about such critical infrastructure attacks. In response, Japan and the Philippines have formed an alliance to share information on cyber threats, particularly from China. Similarly, Japan and South Korea have an existing information-sharing agreement.

Recent Cyberattack Examples:

  1. Indonesia: Cybercriminals have compromised its National Data Center and demanded an $8 million ransom. Services for more than 200 agencies have been disrupted.
  2. Taiwan: A Chinese state-sponsored group, RedJuliett, has targeted 24 government agencies, educational institutions, and tech firms.

The Significance of Telecom Attacks

Telecommunications infrastructure is vital:

  • Sergey Shykevich of Check Point Software mentions:

    "The ultimate jackpot for an attacker with access to telecom networks is the CRM database of telco clients."

An example of the impact can be seen in Ukraine, where telecom disruption had significant consequences. More often, though, the main goal is espionage and access to valuable data.

Other At-Risk Regions:

Pakistan has seen a rise in attacks due to its rapid digitalization and geopolitical context. Telecom attacks can disrupt critical infrastructure and have a ripple effect on sectors like tech, finance, banking, and insurance, says Donny Chong of Nexusguard.

Details on Attack Methods

The attack on the unnamed Asian telecom firm used sophisticated custom tools, including:

  • Memory execution to avoid detection.
  • Sideloading malicious code via legitimate software.

These methods make the threats harder to detect. Symantec's O'Brien notes:

"The technique of sideloading using legitimate executables is favored by APT actors."
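The sideloading pattern described above has a recognizable shape in endpoint telemetry: a signed, trusted executable loads an unsigned DLL that sits next to it, or a DLL carrying a system DLL's name resolves from somewhere other than the Windows system directories. The script below is an added defender-side example, not code from the reports or vendors the article cites; it scores constructed module-load events with those two heuristics. The event fields, the directory list, and the small baseline of system DLL names are assumptions chosen for illustration (a real deployment would build the baseline from a known-good image).

```python
"""Heuristic triage of DLL sideloading from module-load telemetry (added example)."""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Tuple

# Directories where Windows system DLLs legitimately live (lower-cased).
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}

# Constructed baseline: DLL names inventoried from a clean host's System32.
# Assumption for this example; build it from a known-good image in practice.
BASELINE_SYSTEM_DLLS = {"version.dll", "dwmapi.dll", "cryptbase.dll", "kernel32.dll"}


@dataclass(frozen=True)
class ModuleLoad:
    """One module-load event (fields modelled on EDR/Sysmon 'image loaded' records)."""
    process: str         # full path of the executable that loaded the module
    process_signed: bool  # did the executable carry a valid signature?
    module: str          # full path of the DLL that was loaded
    module_signed: bool  # did the DLL carry a valid signature?


def _parent_lower(path: str) -> str:
    return str(PureWindowsPath(path).parent).lower()


def _name_lower(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def assess(ev: ModuleLoad) -> Tuple[str, List[str]]:
    """Return (severity, reasons) for a single load event."""
    reasons: List[str] = []
    in_system_dir = _parent_lower(ev.module) in SYSTEM_DIRS

    # Classic sideload shape: a trusted, signed binary pulls an unsigned DLL
    # that sits beside it instead of in a system directory.
    if (ev.process_signed and not ev.module_signed
            and _parent_lower(ev.module) == _parent_lower(ev.process)):
        reasons.append("signed executable loaded an unsigned DLL from its own directory")

    # Search-order hijack shape: a DLL carrying a system DLL's name resolves
    # from somewhere other than System32/SysWOW64.
    if _name_lower(ev.module) in BASELINE_SYSTEM_DLLS and not in_system_dir:
        reasons.append("DLL with a system DLL name loaded from a non-system directory")

    if len(reasons) == 2:
        return "high", reasons
    if reasons:
        return "medium", reasons
    return "none", reasons


def triage(events: List[ModuleLoad]) -> List[Tuple[ModuleLoad, str, List[str]]]:
    """Return (event, severity, reasons) for every event that fired at least one rule."""
    out = []
    for ev in events:
        sev, reasons = assess(ev)
        if sev != "none":
            out.append((ev, sev, reasons))
    return out


# Constructed sample telemetry for the demo; none of these paths are real indicators.
SAMPLE_EVENTS = [
    # Benign: signed app loads the real system DLL from System32.
    ModuleLoad(r"C:\Program Files\Vendor\viewer.exe", True,
               r"C:\Windows\System32\version.dll", True),
    # Sideload shape: the same signed app, dropped into a temp folder, loads
    # an unsigned DLL bearing a system DLL name from that folder.
    ModuleLoad(r"C:\Users\alice\AppData\Local\Temp\pkg\viewer.exe", True,
               r"C:\Users\alice\AppData\Local\Temp\pkg\version.dll", False),
    # Grey area: signed app loads its own unsigned plugin; worth a look, not a page.
    ModuleLoad(r"C:\Program Files\Vendor\viewer.exe", True,
               r"C:\Program Files\Vendor\plugin_codec.dll", False),
]

if __name__ == "__main__":
    for ev, sev, reasons in triage(SAMPLE_EVENTS):
        print(f"{sev.upper():6} {ev.process} -> {ev.module}")
        for r in reasons:
            print("       -", r)
```

The two-rule scoring is deliberate: either signal alone produces noise (vendors ship unsigned plugins beside signed binaries all the time), while both together closely match the signed-host-plus-rogue-DLL combination the article describes, so only that case is rated high. Memory-only execution leaves no file for rule two to inspect, which is why telemetry on the load event itself, rather than on-disk scanning, is the place to catch it.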

Complex Interconnections Among Attackers

While the threat groups may collaborate, they might also be using the same tools independently. Previous campaigns, like "Stayin' Alive", targeted telecoms and governments across Vietnam, Uzbekistan, and Kazakhstan. CurKeep, a simple downloader, used the same infrastructure linked to a sophisticated group known as ToddyCat, according to Kaspersky.

Conclusion

The continued cyberattacks on telecom companies highlight the critical need for robust cybersecurity measures and international cooperation to combat these sophisticated threats.
