McAfee has reported that a cyber espionage campaign is underway against telcos across many regions of the world. The attacks resemble those of a couple of Chinese hacking groups. Furthermore, these attacks were aimed at 5G technology, which is being prepared for rollout in these regions soon.
The Cyber Attack – Perpetrated by Chinese Hackers?
The targets were mostly telecom companies based in Southeast Asia, Europe, and the US. McAfee successfully identified the hackers’ interest in German, Vietnamese and Indian telcos. This development can hinder the process of 5G rollout in these nations, particularly in India and Vietnam.
Details of the Cyberattack
In the operation called Diànxùn, victims were directed to a malicious phishing domain. This domain is under the control of attackers and delivers malware to anyone who lands on the site.
Shockingly, the phishing website imitates Huawei’s career page in order to target people working in telecom. The hackers went to great lengths to make the site look genuine, designing it to look like hxxp://career.huawei.com.
Please do not check the site as it could be highly dangerous.
As soon as someone visits the site, a Flash app runs, which is used to get into the user’s computer and gain access to potentially sensitive information.
McAfee clarified that it found no evidence that Huawei was knowingly involved in this campaign.
The antivirus maker has reported that the attack used tactics similar to those of RedDelta and Mustang Panda, two China-based groups. McAfee also discovered various other similarities in tooling, operating methods and network. This strongly suggests that these groups, or at the very least some copycats, were involved.
In 2020, RedDelta targeted the Vatican and other religious organizations. Interestingly, this is the first time since September last year that the group has been seen in operation. In their previous attack, the group used decoy documents related to Catholicism, Tibet-Ladakh relations and the United Nations General Assembly Security Council.
Why Did This Attack Happen?
The report noted that “the motivation behind this specific campaign has to do with the ban of Chinese technology in the global 5G roll-out”. This comes as no particular surprise given that multiple Chinese telecom vendors are facing bans around the world. India is also preparing a list of trusted sources which may skip over many Chinese vendors. Furthermore, India has also made changes in the way telecom equipment is procured, citing security reasons.