Cyber-attacks emanating from China according to research

Cybersecurity firm Cybereason has uncovered a number of threats to IT firms coming from China

Cybersecurity firm Cybereason has uncovered a number of serious threats to third-party service providers emanating from China.

Its 'Deadringer' report describes major, previously unidentified cyber-attacks across Southeast Asia, which were then exposed as the work of 'Advanced Persistent Threat' (APT) groups aligned with the interests of the Chinese government.

These attacks are similar to the 'SolarWinds' and 'Kaseya' threats, but instead of delivering malware through the supply chain link, the intent was to conduct surveillance of customers' confidential communications. The attackers were highly adaptive and have obscured their activity on the infected systems since at least 2017. This is an indication that the information was highly valuable to the attackers.

Exploiting vulnerabilities in Microsoft Exchange Servers, the attackers gained access to networks and compromised Domain Controllers and billing systems containing 'Call Detail Record' data and thus were able to obtain sensitive communications records.

The reasoning behind the telecom attacks seems to be an attempt to facilitate espionage against dissident factions who are of interest to the Chinese regime. There is also a link to other APT groups such as Soft Cell, which is known to operate on behalf of the Chinese Government.

Whilst the attacks were primarily in Asia, the activity could be replicated in other parts of the world and could move on to communications disruption. The report comes in the wake of the recent public rebuke by the US government to China for the 'Hafnium' attacks that put thousands of organisations worldwide at risk.

Lior Div, Cybereason CEO and co-founder, said: “The attacks are very concerning because they undermine the security of critical infrastructure providers and expose the confidential and proprietary information of both public and private organisations that depend on secure communications for conducting business. These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability.

“This is why Cybereason maintains a global team of seasoned threat intelligence investigators whose focus is to expose the tactics, techniques and procedures of advanced adversaries so we can better protect organisations from these kinds of complex attacks now and into the future.”

The report by Cybereason comes at a time of heightened concerns over cybersecurity due to the Covid-19 pandemic, with 93% of CISOs believing managing cyber risk will become more complicated in 2022 and 77% admitting their business had been attacked in the last 12 months. The good news is that 90% are responding to the threat by investing in new technologies to combat emerging challenges.
