
Chinese Hackers Target T-Mobile and Other U.S. Telecoms in Wide-ranging Espionage Operation


In a recent revelation, U.S. telecoms giant T-Mobile has confirmed that it fell victim to Chinese threat actors as part of an espionage campaign aimed at accessing valuable information. These adversaries, known as Salt Typhoon, executed a “monthslong campaign” focused on gathering cellphone communications from “high-value intelligence targets.” While the extent of the information accessed remains unclear, T-Mobile assured that its systems and data have not been significantly impacted, with no evidence of customer information breaches.

The infiltration of T-Mobile adds the company to a growing list of major organizations, including AT&T, Verizon, and Lumen Technologies, targeted in what appears to be a widespread cyber espionage effort. Few specifics are available on how successful these attacks were; Salt Typhoon's unauthorized access to Americans' cellular data had previously been disclosed by Politico.

The U.S. government’s ongoing investigation into the targeting of commercial telecommunications infrastructure further exposed a broad and significant hack orchestrated by the People’s Republic of China (PRC). Affiliated actors compromised networks at multiple telecom companies to steal customer call records data, access private communications of individuals primarily involved in government or political activities, and copy specific information that was subject to U.S. law enforcement requests.

Salt Typhoon, also operating under aliases such as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, has been active since at least 2020, according to Trend Micro. The group has been linked to a series of attacks targeting government and technology industries in several countries, showcasing a sophisticated approach in crafting payloads and using legitimate and bespoke tools to circumvent defenses and maintain access to targets.

Trend Micro analysts highlighted the group’s persistence in updating tools, employing backdoors for lateral movement and credential theft, and utilizing tactics like data collection through tools such as TrillClient. The threat actors displayed a diverse attack strategy, leveraging vulnerable services and remote management utilities for initial network access.

One attack method involved exploiting vulnerabilities in QConvergeConsole installations to deliver malware like Cobalt Strike, TrillClient, and backdoors like HemiGate and Crowdoor. Another more sophisticated approach saw the abuse of Microsoft Exchange servers to deploy the China Chopper web shell, facilitating the delivery of additional tools such as Zingdoor and Snappybee.

The threat actors also demonstrated the use of programs like NinjaCopy for credential extraction and PortScan for network discovery and mapping. Their strategic deployment of various backdoors, like Cryptmerlin and FuxosDoor, underscored their technical capabilities and adaptability in maintaining access within compromised environments.

Overall, the analysis of Salt Typhoon’s persistent tactics reveals a highly sophisticated threat actor with a deep understanding of target environments. By combining established tools with custom backdoors, the group created a multi-layered attack strategy that poses challenges for detection and mitigation efforts.

The situation underscores the continued threat posed by state-sponsored actors engaging in cyber espionage, highlighting the need for robust cybersecurity measures and ongoing vigilance to protect sensitive information and critical infrastructure.
