Cyber-attacks emanating from China according to research

Cybersecurity firm Cybereason has uncovered a number of threats to IT firms coming from China

Cybersecurity firm Cybereason has uncovered a number of serious threats to third-party service providers emanating from China.

Its 'DeadRinger' report details major, previously unidentified cyber-attacks across Southeast Asia and exposes them as the work of 'Advanced Persistent Threat' (APT) groups aligned with the interests of the Chinese government.

These attacks are similar to the 'SolarWinds' and 'Kaseya' threats, but instead of delivering malware through the supply chain link, the intent was to conduct surveillance of customers' confidential communications. The attackers were highly adaptive and have obscured their activity on the infected systems since at least 2017. This is an indication that the information was highly valuable to the attackers.

By exploiting vulnerabilities in Microsoft Exchange Servers, the attackers gained access to networks and compromised Domain Controllers and billing systems containing 'Call Detail Record' data, and were thus able to obtain sensitive communications records.

The motive behind the telecom attacks seems to be to facilitate espionage against dissident factions who are of interest to the Chinese regime. There is also a link to other APT groups such as Soft Cell, which are known to operate on behalf of the Chinese government.

Whilst the attacks were primarily in Asia, the activity could be replicated in other parts of the world and could move on to communications disruption. The report comes in the wake of the recent public rebuke by the US government to China for the 'Hafnium' attacks that put thousands of organisations worldwide at risk.

Lior Div, Cybereason CEO and co-founder, said: “The attacks are very concerning because they undermine the security of critical infrastructure providers and expose the confidential and proprietary information of both public and private organisations that depend on secure communications for conducting business. These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability.

“This is why Cybereason maintains a global team of seasoned threat intelligence investigators whose focus is to expose the tactics, techniques and procedures of advanced adversaries so we can better protect organisations from these kinds of complex attacks now and into the future.”

The report by Cybereason comes at a time of heightened concerns over cybersecurity due to the Covid-19 pandemic, with 93% of CISOs believing managing cyber risk will become more complicated in 2022 and 77% admitting their business had been attacked in the last 12 months. The good news is that 90% are responding to the threat by investing in new technologies to combat emerging challenges.

 
