Asian operators first, then Europe next.
Research by security specialist Cybereason has uncovered pervasive attacks on big telcos in Southeast Asia that will inevitably be retargeted on European mobile operators. The DeadRinger espionage campaign, active for years, is described in DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos.
Compromise of third parties
Threat researchers at Cybereason discovered multiple threat actors from China infiltrating telcos in Southeast Asia. As with the assaults on SolarWinds and Kaseya, the DeadRinger attackers used a third-party provider for surveillance of special high-value targets.
Asian telco targets are likely to be corporations, political figures, government officials, law enforcement agencies, political activists and dissident factions of interest to the Chinese government.
However, the report warns that these attacks could be replicated against telcos in other regions.
Microsoft Exchange’s vulnerabilities
Vulnerabilities in Microsoft Exchange were at the heart of the Hafnium attacks earlier this year, which quietly withdrew data from Internet-facing servers. Cybereason says surveillance for these sorties has taken place since 2017.
The Chinese hackers use stolen call logs to monitor their targets. Access and control over these telco networks allows China to shut down mobile network services to specific people or companies.
Cybereason Nocturnus researchers identified three threat actors, each with varying degrees of connection with known Chinese APT groups Soft Cell, Naikon, and Group-3390. All three are ‘known to operate in the interest of the Chinese government’, says Cybereason.