McAfee uncovers cyber espionage campaign targeting telcos

By Harry Menear
The cyber espionage campaign, dubbed Operation Diànxùn, has been attributed to Chinese hacker groups RedDelta and Mustang Panda...

Cybersecurity firm McAfee has uncovered a major cyber espionage campaign targeting telecommunications companies. The series of attacks, dubbed Operation Diànxùn, has been traced by McAfee, which attributes it to two Chinese hacker groups, RedDelta and Mustang Panda.

“We discovered malware using similar tactics, techniques and procedures to those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda,” commented McAfee researchers Thomas Roccia, Thibault Seret and John Fokker.

In a recent blog post, Roccia, Seret and Fokker note that they believe the purpose of Operation Diànxùn was to steal confidential information relating to 5G technology. 

McAfee believes with “a medium level of confidence” that the hackers gained access to their targets using a phishing website disguised as the Huawei company careers page, although the researchers emphasise that they have found no evidence to suggest whether or not Huawei itself was in any way involved in the attack. If it were, hosting the phishing page through its own company site would be an oddly self-incriminating move, so it is probably safe to assume that the Chinese tech giant’s involvement goes no further than that of an unwitting participant.

The malicious domain, hxxp://update.careerhuawei.net (don’t click it), was reportedly designed to look like Huawei’s legitimate careers page. On the page, malware masquerading as a Flash application (served under the domain name flach.cn) prompted users to approve downloading the malicious software onto their own systems.

McAfee, through its research and telemetry, believes strongly that the campaign was targeting German, Vietnamese and Indian telecom companies, and that it is connected to the increasingly common blacklisting of Chinese companies from the global 5G rollout.

The largest number of infections took root in the US, with the second-highest number found in India, and additional breaches in Vietnam, Italy, Germany, Spain and Eastern Europe. So far, the names of the telecom companies affected by the attacks have not been revealed.

RedDelta is estimated to have been active since May of last year, when it carried out a previous cyber attack against the Vatican, followed by later breaches “using decoy documents related to Catholicism, Tibet-Ladakh relations and the United Nations General Assembly Security Council, as well as other network intrusion activities targeting the Myanmar government and two Hong Kong universities. These attacks mainly used the PlugX backdoor using DLL side loading with legitimate software, such as Word or Acrobat, to compromise targets.”

Cybercrime around the world has been on the rise over the past year, as the pandemic radically reshaped the ways in which many people access the internet, as well as massively increasing the number of people online, working and learning from unsecured home networks. 

A report released in December by Russian cybersecurity firm Kaspersky found a 242% growth in attacks on the Remote Desktop Protocol (RDP) during 2020, compared with the figures shared for 2019. An estimated 1.7mn malicious files disguised as apps for corporate communication were also discovered.

“The move online was not as flawless as one would imagine, especially given that we already lived in what we thought was a digitised world,” commented Dmitry Galov, a security researcher at Kaspersky. “As the focus switched to remote work, so did the cybercriminals, who directed their efforts to capitalise on a rise in adoption.”
