Cyber-Espionage Groups from China Target Asian Telecoms
The Asia-Pacific region is grappling with rising cyberattacks, especially on telecom companies. Three cyber-espionage groups have infiltrated telecom operators in multiple countries, planting backdoors, stealing credentials, and using custom malware to control and compromise other systems. This information comes from two cybersecurity firms' reports released last week.
Who Are the Attackers?
China-linked groups — Fireant, Needleminer, and Firefly — have been identified as the culprits. Known under aliases like Mustang Panda, Nomad Panda, and Naikon, these groups have a history of widespread attacks in the region. They compromised telecom companies in at least two Asian nations, according to Broadcom's Symantec cybersecurity division.
Why Target Telecoms?
Telecommunications companies are an attractive target because they are a hub for internet traffic. Dick O'Brien, principal threat intelligence analyst for Symantec, explains:
"There's the potential for eavesdropping and surveillance but also, because telecoms is critical infrastructure, you could create significant disruption in your target country."
Global Concern Over Increasing Cyberattacks
Senior U.S. officials recently warned about such critical infrastructure attacks. In response, Japan and the Philippines have formed an alliance to share information on cyber threats, particularly from China. Similarly, Japan and South Korea have an existing information-sharing agreement.
Recent Cyberattack Examples:
- Indonesia: Cybercriminals have compromised its National Data Center and demanded an $8 million ransom. Services for more than 200 agencies have been disrupted.
- Taiwan: Facing attacks from a Chinese state-sponsored group, RedJuliett, targeting 24 government agencies, educational institutions, and tech firms.
The Significance of Telecom Attacks
Telecommunications infrastructure is vital. Sergey Shykevich of Check Point Software puts it this way:
"The ultimate jackpot for an attacker with access to telecom networks is the CRM database of telco clients."
Ukraine offers an example of the impact: telecom disruption there had significant consequences. More often, though, the main goal is espionage and access to valuable data.
Other At-Risk Regions:
Pakistan has seen a rise in attacks due to its rapid digitalization and geopolitical context. Telecom attacks can disrupt critical infrastructure and have a ripple effect on sectors like tech, finance, banking, and insurance, says Donny Chong of Nexusguard.
Details on Attack Methods
The attack on the unnamed Asian telecom firm used sophisticated custom tools, including:
- In-memory execution of malicious code to avoid detection.
- Sideloading malicious code via legitimate, trusted software.
These methods make the threats harder to detect. Symantec's O'Brien notes:
"The technique of sideloading using legitimate executables is favored by APT actors."
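As an added example (not code from the article, from Symantec, or from any vendor it quotes), the detection heuristic below scans image-load records for the sideloading pattern just described: a DLL that Windows normally serves from System32 being loaded instead from the same directory as the legitimate executable that loaded it. The record format, the list of DLL names and the sample events are all assumptions constructed for this example.

```python
"""Heuristic detector for DLL sideloading in image-load telemetry.

Added example for this article; it is not code from the original page, from
Symantec, or from any vendor quoted there. The record format and every sample
event below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ntpath

# DLL names that Windows normally serves from System32/SysWOW64. A copy of one
# of these sitting beside a legitimate executable and loaded from there is the
# classic sideloading pattern (assumed, non-exhaustive list).
SYSTEM_DLL_NAMES = {
    "version.dll", "dbghelp.dll", "userenv.dll", "wtsapi32.dll", "cryptbase.dll",
}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class ImageLoad:
    """One image-load event: the loading process, the DLL loaded, and its signature state."""
    process_image: str
    loaded_image: str
    signed: bool


def parse_event(line: str) -> ImageLoad:
    """Parse a constructed 'image=<exe>|loaded=<dll>|signed=<true|false>' record."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return ImageLoad(fields["image"], fields["loaded"], fields["signed"].lower() == "true")


def sideload_reason(ev: ImageLoad) -> Optional[str]:
    """Return why the event looks like sideloading, or None if it looks benign."""
    dll_dir = ntpath.dirname(ev.loaded_image).lower() + "\\"
    proc_dir = ntpath.dirname(ev.process_image).lower() + "\\"
    dll_name = ntpath.basename(ev.loaded_image).lower()

    # Loads out of the real system directories are the expected, benign case.
    if dll_dir.startswith(SYSTEM_DIRS):
        return None
    # Only DLLs masquerading as system libraries are interesting here; an
    # application loading its own uniquely named library is normal.
    if dll_name not in SYSTEM_DLL_NAMES:
        return None
    # The sideloading pattern: the look-alike DLL sits in the executable's own directory.
    if dll_dir != proc_dir:
        return None
    reason = f"{dll_name} loaded from the application directory instead of System32"
    if not ev.signed:
        reason += " (unsigned)"
    return reason


def scan(lines) -> List[Tuple[str, str]]:
    """Return (loaded_image, reason) for every record that matches the heuristic."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        reason = sideload_reason(ev)
        if reason:
            hits.append((ev.loaded_image, reason))
    return hits


# Constructed sample telemetry (not real logs): a benign system load, an
# application loading its own library, and two sideloading candidates.
SAMPLE_EVENTS = [
    r"image=C:\Program Files\Vendor\updater.exe|loaded=C:\Windows\System32\version.dll|signed=true",
    r"image=C:\Program Files\Vendor\updater.exe|loaded=C:\Program Files\Vendor\vendorcore.dll|signed=true",
    r"image=C:\Users\Public\tool\legit.exe|loaded=C:\Users\Public\tool\version.dll|signed=false",
    r"image=C:\ProgramData\cache\viewer.exe|loaded=C:\ProgramData\cache\dbghelp.dll|signed=true",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT {path}: {reason}")
```

The heuristic deliberately ignores a signed or unsigned DLL with an application-specific name, so it only fires on the look-alike case; the signature state is reported as supporting context rather than used as the sole trigger, since a sideloaded DLL can carry a valid signature.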
Complex Interconnections Among Attackers
While the threat groups may collaborate, they might also be using the same tools independently. Previous campaigns, like "Stayin' Alive", targeted telecoms and governments across Vietnam, Uzbekistan, and Kazakhstan. CurKeep, a simple downloader, used the same infrastructure linked to a sophisticated group known as ToddyCat, according to Kaspersky.
Conclusion
The continued cyberattacks on telecom companies highlight the critical need for robust cybersecurity measures and international cooperation to combat these sophisticated threats.
Veteran technology journalist with more than 20 years of experience, including contributions to CNET News.com, Dark Reading, MIT's Technology Review, and more. Recipient of five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm.