Cyber-espionage activities have been on the rise in the Asia-Pacific region, with at least three groups successfully compromising telecommunications operators in multiple countries. These malicious actors have managed to implant backdoors within the networks of communication providers, steal credentials, and deploy custom malware to exert control and compromise additional systems. Recent analyses conducted by two cybersecurity firms shed light on the extent and impact of these attacks.
The tools utilized by these groups, namely Fireant, Needleminer, and Firefly, have been attributed to China-linked threat actors such as Mustang Panda, Nomad Panda, and Naikon. These groups have a history of launching widespread attacks across various countries in the Asia-Pacific region. According to Symantec’s analysis, these cybercriminals see telecommunications companies as ideal targets for launching further malicious activities, including eavesdropping, surveillance, and other forms of cybercrime.
Dick O’Brien, Symantec’s principal threat intelligence analyst, emphasizes the potential for significant disruption that could be caused by compromising telecom infrastructure. He highlights the similarities between these espionage attacks and the warnings issued by the US government regarding the infiltration of critical infrastructure by China-linked threat actors. The motive behind these attacks appears to align with the strategic objectives of gaining access to sensitive information and potentially disrupting targeted countries.
The increasing frequency of cyberattacks in the Asia-Pacific region is evident from recent incidents. Indonesia recently faced a cyberattack targeting its National Data Center, resulting in service disruptions for over 200 agencies. Additionally, Taiwan is dealing with a wave of attacks from a Chinese state-sponsored group known as RedJuliett, which has targeted government agencies, educational institutions, and technology firms in the country.
According to cybersecurity experts, telecommunications companies are prime targets for cyberattackers due to the critical role they play in facilitating internet traffic. Sergey Shykevich, a threat intelligence group manager at Check Point Software, highlights the value of accessing telecom networks for extracting sensitive information such as SMS messages and location data. While the disruption of telecommunications infrastructure can have severe consequences, the primary objective for attackers often revolves around espionage and data exfiltration.
In a similar vein, Pakistan has become a focal point for communication-based attacks, given its rapid digitalization and geopolitical significance. Donny Chong, director at Nexusguard, underscores the risks associated with disrupting telecom infrastructure, which can extend to impacting other critical sectors like technology, finance, banking, and insurance.
The recent attack on an unnamed Asian telecommunications firm involved sophisticated threat actors deploying custom attack tools and evading detection by running code in memory. Symantec’s O’Brien notes the complexity of the attack techniques, including sideloading of malicious code using legitimate executables. The analysis also suggests potential collaboration between threat groups or shared toolsets used by different actors, highlighting the intricate nature of cyber espionage operations.
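As an added illustration of the sideloading technique O’Brien describes (this is example code written for this page, not code from the article or from Symantec’s analysis), the script below shows how a defender might triage image-load telemetry for the pattern: a legitimate executable that loads an unsigned DLL sitting beside it in a user-writable directory. It assumes Sysmon-style ImageLoad (Event ID 7) records already parsed into dictionaries with the field names used; the sample events and the short list of system DLL names are constructed for the example.

```python
"""Heuristic triage of image-load telemetry for DLL sideloading.

Added example written for this page; it is not code from the article or
from Symantec's analysis. It assumes Sysmon-style ImageLoad (Event ID 7)
records already parsed into dicts with the fields used below, and all
sample records and the short DLL-name list are constructed.
"""
from pathlib import PureWindowsPath

# Constructed sample events shaped like Sysmon Event ID 7 (ImageLoaded).
SAMPLE_EVENTS = [
    {  # benign: OS binary in System32 loading a signed system DLL
        "Image": r"C:\Windows\System32\svchost.exe",
        "ImageLoaded": r"C:\Windows\System32\ntdll.dll",
        "Signed": "true", "SignatureStatus": "Valid",
    },
    {  # suspicious: binary in a user-writable folder loading an unsigned
       # DLL beside it that carries a system DLL's name
        "Image": r"C:\Users\Public\Libraries\updater.exe",
        "ImageLoaded": r"C:\Users\Public\Libraries\version.dll",
        "Signed": "false", "SignatureStatus": "Unavailable",
    },
    {  # benign: installed application loading its own signed helper DLL
        "Image": r"C:\Program Files\Vendor\app.exe",
        "ImageLoaded": r"C:\Program Files\Vendor\helper.dll",
        "Signed": "true", "SignatureStatus": "Valid",
    },
    {  # suspicious: same pattern from a temp directory
        "Image": r"C:\Users\alice\AppData\Local\Temp\viewer.exe",
        "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\dbghelp.dll",
        "Signed": "false", "SignatureStatus": "Unavailable",
    },
]

# Directories where a signed loader normally lives; DLLs loaded from
# elsewhere deserve more scrutiny.
TRUSTED_ROOTS = (
    PureWindowsPath(r"C:\Windows"),
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
)

# Constructed, deliberately short list standing in for "DLL names that ship
# in System32"; a real deployment would enumerate that directory.
SYSTEM_DLL_NAMES = {"ntdll.dll", "version.dll", "dbghelp.dll", "kernel32.dll"}


def _under_root(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """Case-insensitive 'path is inside root' check on Windows path parts."""
    want = [p.lower() for p in root.parts]
    have = [p.lower() for p in path.parts]
    return have[: len(want)] == want


def _in_trusted_dir(path: PureWindowsPath) -> bool:
    return any(_under_root(path, root) for root in TRUSTED_ROOTS)


def sideload_reasons(event: dict) -> list:
    """Return the heuristic signals that fire for one image-load event.

    An empty list means the load looks ordinary. Each signal is cheap and
    individually noisy; the combination (unsigned DLL, loaded from next to
    the executable, outside a trusted root) is what matters.
    """
    exe = PureWindowsPath(event["Image"])
    dll = PureWindowsPath(event["ImageLoaded"])
    reasons = []

    # Search-order abuse puts the rogue DLL in the executable's own folder.
    if exe.parent == dll.parent:
        reasons.append("dll-beside-executable")
    # A legitimately shipped DLL is almost always signed with a valid signature.
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("unsigned-or-invalid-signature")
    # Loads from user-writable locations are where dropped files end up.
    if not _in_trusted_dir(dll):
        reasons.append("outside-trusted-root")
    # A DLL carrying a system DLL's name resolved from anywhere but Windows.
    if dll.name.lower() in SYSTEM_DLL_NAMES and not _under_root(dll, PureWindowsPath(r"C:\Windows")):
        reasons.append("system-dll-name-outside-windows")

    return reasons


def is_sideload_candidate(event: dict) -> bool:
    """Flag only when all three core signals coincide, to keep noise down."""
    core = {"dll-beside-executable", "unsigned-or-invalid-signature", "outside-trusted-root"}
    return core.issubset(sideload_reasons(event))


def find_sideload_candidates(events: list) -> list:
    """Triage a batch of events; returns one finding per flagged load."""
    return [
        {"exe": ev["Image"], "dll": ev["ImageLoaded"], "reasons": sideload_reasons(ev)}
        for ev in events
        if is_sideload_candidate(ev)
    ]


if __name__ == "__main__":
    for finding in find_sideload_candidates(SAMPLE_EVENTS):
        print(finding["dll"], "<-", finding["exe"], finding["reasons"])
```

Run against the constructed events, the script flags only the two loads from user-writable directories and leaves the System32 and Program Files loads alone. The signature and location checks are what separate a vendor binary loading its own helper from the sideloading case; a production rule would feed the same signals into an EDR or SIEM query over real Sysmon data rather than a static list.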
In conclusion, the cyber-espionage activities targeting telecommunications operators in the Asia-Pacific region underscore the evolving threat landscape faced by countries and organizations in the region. These attacks serve as a poignant reminder of the importance of bolstering cybersecurity defenses and collaborating on threat intelligence sharing to counter the growing sophistication of malicious actors in the digital realm.
