What We Know about Massive Hack Targeting Southeast Asian Telecoms by Chinese Hackers

Chinese hackers blamed for massive hack against 5 telecom companies in Southeast Asia.
August 05, 2021 | 08:25
Vietnamese Cybersecurity Expert Tops World White-hat Hacker Ranking Vietnamese Cybersecurity Expert Tops World White-hat Hacker Ranking
U.S. Blames China For Microsoft Exchange Hacks U.S. Blames China For Microsoft Exchange Hacks
Former hacker now cyber security expert Former hacker now cyber security expert
What We Know about Massive Hack Targeting Southeast Asia Telecoms by Chinese Hackers
US-based security company Cybereason says it has identified three clusters of intrusions into the industry since at least 2017

Chinese cyberespionage groups have been targeting major telecoms providers across Southeast Asia, reported Bloomberg citing cybersecurity researchers.

The hacking groups waged a campaign across Southeast Asia from 2017 to 2021, in some cases exploiting security vulnerabilities in Microsoft Corp.’s Exchange servers to gain access to telecommunication companies’ internal systems, according to a new report published Tuesday by US-based security firm Cybereason Inc.

"The goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunication providers and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets such as the billing servers that contain Call Detail Record (CDR) data, as well as key network components such as the Domain Controllers, Web Servers and Microsoft Exchange servers," Cybereason's Lior Rochberger, Tom Fakterman, Daniel Frank, and Assaf Dahan revealed.

Lior Div, the chief executive officer of Cybereason, said the hackers had obtained “the holy grail of espionage,” by gaining total control of the telecommunication networks they penetrated.

“These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability,” Div said.

China’s Foreign Ministry didn’t respond to requests for comment. However, a government spokesperson previously denied allegations that Chinese hackers infiltrated Microsoft Exchange servers.

The firm said it had proactively sought out threat actors after the US, Britain, European Union and others blamed China for sponsoring the massive Microsoft hack discovered earlier this year that compromised tens of thousands of computers and networks, according to South China Morning Post.

The latest hacking allegations come after the US in mid-July vowed to work with its allies against China’s “destabilising behaviour in cyberspace”, including the exposure of internal communications in Microsoft Exchange software by Chinese-based hackers known as Hafnium.

Beijing rejected the cyberattack claims, saying Washington had “ganged up with its allies to make groundless accusations”, and called on the US and its allies to “stop cybertheft and attacks targeting China”.

The foreign ministry said Beijing opposed all forms of cyberattack, and that the US accusations lacked complete evidence in linking the hacking to the Chinese government.

A Microsoft spokesperson said the company hadn’t yet seen the report and therefore declined to comment.

What We Know about Massive Hack Targeting Southeast Asia Telecoms by Chinese Hackers
The activity surrounding the latter of the three clusters started in 2017.

Div declined to name specific companies or countries where the hackers carried out their intrusions, though the report said they targeted telecommunications providers in some Southeast Asian nations that had long-standing disputes with China.

It also pointed to older research from the cybersecurity firm Check Point Software Technologies Ltd. that found one of the hacking groups had previously targeted government foreign affairs, science and technology ministries, as well as government-owned companies in countries including Indonesia, Vietnam, and the Philippines.

The hackers’ intent was likely to obtain information about corporations, political figures, government officials, law enforcement agencies, political activists and dissident factions of interest to the Chinese government, according to Cybereason’s researchers. However, the hackers also had the ability to shut down or disrupt the networks if they chose to shift their priority from espionage to interference, the security firm concluded.

Cybereason found the hackers to be “highly sophisticated and adaptive,” continuously evading security measures. One of the groups was observed hiding its malicious software in computers’ recycle bin folders. Another group disguised itself within anti-virus software and also used a South Korean multimedia player called “PotPlayer” to infect computers with a keylogger that recorded what they were typing.

In some cases, the hackers accessed the telecommunication networks by breaking in through security weaknesses in Microsoft’s Exchange Servers. Hackers affiliated with the group known as Soft Cell were exploiting some of the vulnerabilities at least three months before Microsoft publicly disclosed them in March 2021, according to Cybereason.

Cyber activity has become yet another space for tensions in the broadening rivalry between Beijing and Washington. The White House said it was escalating its response to Chinese cyberattacks, including with transatlantic military alliance Nato, which also condemned China over the Microsoft hacks, wrote South China Morning Post.

The US Justice Department in July also charged four Chinese citizens with establishing a company that allegedly worked with the Hainan State Security Department to hack into computer systems of companies, universities and government entities in the US and other countries from 2011 to 2018.

Hackers caught targeting Vietnam government portals Hackers caught targeting Vietnam government portals

The National Cyber Security Center said it has discovered and foiled a number of attempted cyberattacks on Vietnamese government portals by the China-linked Cycldek hacker ...

Chinese hackers connection still active in Indian computer systems, US firm said Chinese hackers connection still active in Indian computer systems, US firm said

The US firm said on Wednesday that one connection opened by Beijing's state-sponsored hackers into the network of an Indian maritime port are still active, ...

Vietnam police destroys criminals 'hacking' Facebook to appropriate property Vietnam police destroys criminals 'hacking' Facebook to appropriate property

The police of Ba Don town in Quang Binh province has destroyed a group of criminals hacking Facebook, causing 5 frauds to appropriate more than ...

Hannah Nguyen
Phiên bản di động