Chinese Hackers Target T-Mobile and Other U.S. Telecoms in Wide-ranging Espionage Operation

In a recent revelation, U.S. telecoms giant T-Mobile has confirmed that it fell victim to Chinese threat actors as part of an espionage campaign aimed at accessing valuable information. These adversaries, known as Salt Typhoon, executed a “monthslong campaign” focused on gathering cellphone communications from “high-value intelligence targets.” While the extent of the information accessed remains unclear, T-Mobile assured that its systems and data have not been significantly impacted, with no evidence of customer information breaches.

The infiltration of T-Mobile adds the company to a growing list of major organizations, including AT&T, Verizon, and Lumen Technologies, targeted in what appears to be a widespread cyber espionage effort. Although specifics on the success of these attacks are lacking, Salt Typhoon’s unauthorized access to Americans’ cellular data was reportedly disclosed earlier by Politico.

The U.S. government’s ongoing investigation into the targeting of commercial telecommunications infrastructure further exposed a broad and significant hack orchestrated by the People’s Republic of China (PRC). PRC-affiliated actors compromised networks at multiple telecom companies to steal customer call records data, access private communications of individuals primarily involved in government or political activities, and copy specific information that was subject to U.S. law enforcement requests.

Salt Typhoon, also operating under aliases such as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, has been active since at least 2020, according to Trend Micro. The group has been linked to a series of attacks targeting government and technology industries in several countries, showcasing a sophisticated approach in crafting payloads and using legitimate and bespoke tools to circumvent defenses and maintain access to targets.

Trend Micro analysts highlighted the group’s persistence in updating tools, employing backdoors for lateral movement and credential theft, and utilizing tactics like data collection through tools such as TrillClient. The threat actors displayed a diverse attack strategy, leveraging vulnerable services and remote management utilities for initial network access.

One attack method involved exploiting vulnerabilities in QConvergeConsole installations to deliver malware like Cobalt Strike, TrillClient, and backdoors like HemiGate and Crowdoor. Another more sophisticated approach saw the abuse of Microsoft Exchange servers to deploy the China Chopper web shell, facilitating the delivery of additional tools such as Zingdoor and Snappybee.

The threat actors also demonstrated the use of programs like NinjaCopy for credential extraction and PortScan for network discovery and mapping. Their strategic deployment of various backdoors, like Cryptmerlin and FuxosDoor, underscored their technical capabilities and adaptability in maintaining access within compromised environments.

Overall, the analysis of Salt Typhoon’s persistent tactics reveals a highly sophisticated threat actor with a deep understanding of target environments. By combining established tools with custom backdoors, the group created a multi-layered attack strategy that poses challenges for detection and mitigation efforts.

The situation underscores the continued threat posed by state-sponsored actors engaging in cyber espionage, highlighting the need for robust cybersecurity measures and ongoing vigilance to protect sensitive information and critical infrastructure.
