Tracking Cyber Espionage Campaigns Against Telecom Companies
Category: Threat Actor Activity | Industry: Telecommunication | Level: Strategic | Source: Cybereason
Cybereason researchers report cyber espionage operations conducted against telecommunication companies by threat actors aligned with the Chinese government. Two specific campaigns were tracked by Cybereason. The first Operation DeadRinger occurring in 2021, targeted telecommunication companies in Southeast Asia collecting customer data and persisting on the victim's networks. The threat actors compromised public-facing applications such as domain controllers and Microsoft Exchange servers. "Cybereason researchers also discovered the attackers were stealing data stored in the Active Directory, compromising every single username and password in customer organizations along with personally identifiable information, billing data, email server data, the geolocation of users, and more." The second campaign, Operation SoftCell spanned seven years from 2012 to 2019, compromising over ten telecommunications providers with a focus on data collection against high-profile figures in business and government as well as individuals believed to be “enemies of China.” The campaigns were initiated with the intent of intelligence collection siphoning trade secrets and intellectual property from victim organizations to obtain competitive advantages. Organizations impacted by data theft, not only suffer from the loss of intellectual property, but it compounds from the loss of financial investment in research and development (R&D) projects and competing against their own innovations. "Telecom companies transmit and store large amounts of sensitive data, so it’s no surprise they are a prime target for cyberattacks from nation-state actors conducting geopolitical espionage and corporate espionage as well as criminal cyber gangs looking to make a quick profit." Competitors gain an advantage with stolen data and can implement new ideas without having to recover from R&D expenses.