Cybersecurity firm Cybereason has uncovered a number of serious threats to third-party service providers emanating from China.
Its 'Deadringer' report describes major, previously unidentified cyber-attacks across Southeast Asia, which were then exposed as the work of 'Advanced Persistent Threat' (APT) groups aligned with the interests of the Chinese government.
These attacks are similar to the 'SolarWinds' and 'Kaseya' threats, but instead of delivering malware through the supply chain link, the intent was to conduct surveillance of customers' confidential communications. The attackers were highly adaptive and have obscured their activity on the infected systems since at least 2017. This is an indication that the information was highly valuable to the attackers.
Exploiting vulnerabilities in Microsoft Exchange Servers, the attackers gained access to networks and compromised Domain Controllers and billing systems containing 'Call Detail Record' data and thus were able to obtain sensitive communications records.
The reasoning behind the telecom attacks seems to be an attempt to facilitate espionage against dissident factions who are of interest to the Chinese regime. There is also a link to other APT groups such as Soft Cell, which are known to operate on behalf of the Chinese Government.
Whilst the attacks were primarily in Asia, the activity could be replicated in other parts of the world and could move on to communications disruption. The report comes in the wake of the recent public rebuke by the US government to China for the 'Hafnium' attacks that put thousands of organisations worldwide at risk.
Lior Div, Cybereason CEO and co-founder, said: 'The attacks are very concerning because they undermine the security of critical infrastructure providers and expose the confidential and proprietary information of both public and private organisations that depend on secure communications for conducting business. These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability.'
'This is why Cybereason maintains a global team of seasoned threat intelligence investigators whose focus is to expose the tactics, techniques and procedures of advanced adversaries so we can better protect organisations from these kinds of complex attacks now and into the future.'
The report by Cybereason comes at a time of heightened concerns over cybersecurity due to the Covid-19 pandemic, with 93% of CISOs believing managing cyber risk will become more complicated in 2022 and 77% admitting their business had been attacked in the last 12 months. The good news is that 90% are responding to the threat by investing in new technologies to combat emerging challenges.