Tech news from MIST
Harshika Sofat
At least five major telecommunications companies located in Southeast Asian countries have been hacked in a series of attacks dating back to 2017. According to reports, the goal of the attackers is to gain and maintain continuous access to telecommunication providers and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets such as the billing servers that contain Call Detail Record (CDR) data, as well as key network components such as Domain Controllers, web servers and Microsoft Exchange servers. Gallium (aka Soft Cell), Naikon APT (aka APT30 or Lotus Panda), and TG-3390 (aka APT27 or Emissary Panda) are suspected to be the three distinct clusters that have been carrying out these malicious activities on behalf of Chinese state interests. The researchers described the attackers as highly adaptive in how they responded to various mitigation efforts, changing infrastructure, toolsets, and techniques while attempting to become more stealthy. They also believe there is some connection between the three clusters: they overlap in victimology and in their use of generic tools such as Mimikatz, and the three groups were detected in the same target environments, around the same timeframe, and even on the same systems. It is assumed that these clusters either are aware of each other's activity and work together, or that the three teams work separately under a single threat actor, although there is not yet enough information available to confirm either possibility.
Abridged from The Hacker News