Chinese hackers attacked top telcos using Microsoft Exchange flaw

News
By published

Long running campaign used all the tricks of the trade to avoid detection

security threat
(Image credit: Shutterstock.com)

Cybersecurity researchers have shared details about a “highly sophisticated” and wide-ranging campaign against major telecom operators perpetrated by Chinese state-sponsored threat actors.

Discovered by security firm Cybereason, signs of the campaign can be traced all the way back to 2017. 

“Based on our analysis, we assess that the goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunication providers and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets such as the billing servers that contain Call Detail Record (CDR) data, as well as key network components such as the Domain Controllers, Web Servers and Microsoft Exchange servers,” says the report.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

In its detailed analysis, Cybereason draws similarities between the recent SolarWinds and Kaseya attacks, and the campaign against the telcos, in that the threat actors first targeted third-party service providers. 

With the telcos though, instead of deploying malware, the attackers instead leverage them to conduct surveillance. 

Threat to national security

In its analysis, Cybereason notes that in some cases the attackers even used the recently reported vulnerabilities in Microsoft’s Exchange Servers, similar to the Hafnium attacks. Some even hid their tools in the computers’ recycle bin, while another exploited trusted security tools, especially antivirus software.

The report doesn’t specifically name the targeted countries, but points out that the targeted telcos are located in ASEAN countries, some of which have long term publicly known disputes with China. 

While the intention of the entire operation seems restricted to espionage, Cybereason argues that their access gave the attackers the ability to disrupt the networks just as easily, threatening national security.

“The attacks are very concerning because they undermine the security of critical infrastructure providers and expose the confidential and proprietary information of both public and private organizations that depend on secure communications for conducting business,” commented Cybereason’s co-founder and CEO, Lior Div.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
China
Chinese hackers targeting Juniper Networks routers, so patch now
China
Chinese hackers develop effective new hacking technique to go after business networks
China
Salt Typhoon hackers used this clever technique to attack US networks
Flag of the People&#039;s Republic of China overlaid with a technological network of wires and circuits.
Salt Typhoon attacks may have hit more US firms than previously thought
Flag of the People&#039;s Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
Google Pixel 9
The Google Pixel 10 just showed up in Android code – and may come with a useful speed boost
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Compal Adapt X modular laptop

One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework
See more latest
Most Popular
Compal Adapt X modular laptop
One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework
Anycubic foldable portable 3D printer
Anycubic may launch this gorgeous foldable portable 3D printer any day soon, and I can't wait to try it out
HP Fury G1i 18&quot;
'2-inches gets you 30% more screen': HP is pitching 18-inch laptop as the best new thing in tech
Framework Desktop
Framework's Desktop is selling like hot cakes; Ryzen Max+ 395, Max 383 batches are sold out with next shipment in Q3
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 23 (game #651)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
Google Pixel 9 Pro Fold main display opened
Apple is rumored to be prioritizing battery life on the foldable iPhone – which could also feature a liquid metal hinge for added durability
A person using a smartphone with an ecommerce website showing on a laptop.
Consumers are warming up to AI assistants, survey finds - 1/3 of us would allow AI to make purchases
A bloodied Mark staring at an off-screen Helly as Gemma screams at him from behind an exit door in Severance season 2 episode 10
Severance season 3: everything we know so far about the wildly popular Apple TV+ show's next chapter