Quote:Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers.
The campaigns, dubbed “Operation Diànxùn”, target and lure victims working in the telecom industry. A typical ploy includes a fake website designed to mimic telco-giant’s Huawei career page.
“While the initial vector for the infection is not entirely clear. [We believe] with a medium level of confidence that victims were lured to a domain under control [a] the threat actor, from which they were infected with malware,” according to McAfee researchers in a Tuesday report.
Given the tactics used in the campaign, researchers surmised it to be the work of known Chinese-language APTs RedDelta and Mustang Panda. RedDelta was last believed to be behind cyberattacks against the Vatican and other Catholic Church-related institutions last year. In those attacks, adversaries leveraged spear phishing emails laced with malware that ultimately pushed the PlugX remote access tool (RAT) as the final payload.
Meanwhile, Mustang Panda has been linked to cyberespionage attacks on non-governmental organizations (NGOs) with a focus on gathering intelligence on Mongolia by using shared malware like Poison Ivy or PlugX. The group also is known to shift tactics and adopt new tools quickly, researchers have noted.
This time around, the groups seem to be gunning for sensitive data and aiming “to spy on companies related to 5G technology,” researchers wrote. The campaign is likely related to a number of countries’ decision to ban the use of Chinese equipment from Huawei in the global rollout of the next-generation wireless telecommunications technology, researchers suggested.
Read more: State-sponsored Threat Groups Target Telcos, Steal 5G Secrets | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
