Chinese cyberattackers compromising telcos in Southeast Asia for espionage

The attack via Microsoft Exchange servers on telecom infrastructure could have been used to disrupt communications, but so far seems limited to gathering information on competitors, adversaries, and activists.

Several previously unidentified cyberattack campaigns have infiltrated major telecommunications providers across Southeast Asia, security firm Cybereason says it has discovered.

These attacks are said to be similar to the recent SolarWinds and Kaseya attacks. The US-based Cybereason said the attackers first compromised third-party service providers. But instead of using them to deliver malware through a supply chain attack, in this case “the intent was to leverage them to conduct surveillance of their customers' confidential communications”.

The report was released on 3 August 2021 and follows the US federal government’s public rebuke of China’s Ministry of State Security for the recent Hafnium attacks on Microsoft Exchange servers.

Multiple clusters of attacks on Southeast Asian telcos

The Cybereason report detailed multiple clusters of attack activity. These activities have evaded detection since at least 2017 and “are assessed to be the work of several prominent advanced persistent threat (APT) groups aligned with the interests of the Chinese government”, it said.
