Chinese Hackers Target T-Mobile and Other U.S. Telecoms in Wide-ranging Espionage Operation

In a recent revelation, U.S. telecoms giant T-Mobile has confirmed that it fell victim to Chinese threat actors as part of an espionage campaign aimed at accessing valuable information. These adversaries, known as Salt Typhoon, executed a “monthslong campaign” focused on gathering cellphone communications from “high-value intelligence targets.” While the extent of the information accessed remains unclear, T-Mobile assured that its systems and data have not been significantly impacted, with no evidence of customer information breaches.

The infiltration of T-Mobile adds the company to a growing list of major organizations, including AT&T, Verizon, and Lumen Technologies, targeted in what appears to be a widespread cyber espionage effort. Few specifics about the success of these intrusions have been made public; Salt Typhoon’s unauthorized access to Americans’ cellular data was earlier reported by Politico.

The U.S. government’s ongoing investigation into the targeting of commercial telecommunications infrastructure further exposed a broad and significant hack orchestrated by the People’s Republic of China (PRC). Affiliated actors compromised networks at multiple telecom companies to steal customer call records data, access private communications of individuals primarily involved in government or political activities, and copy specific information that was subject to U.S. law enforcement requests.

Salt Typhoon, also operating under aliases such as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, has been active since at least 2020, according to Trend Micro. The group has been linked to a series of attacks targeting government and technology industries in several countries, showcasing a sophisticated approach in crafting payloads and using legitimate and bespoke tools to circumvent defenses and maintain access to targets.

Trend Micro analysts highlighted the group’s persistence in updating tools, employing backdoors for lateral movement and credential theft, and utilizing tactics like data collection through tools such as TrillClient. The threat actors displayed a diverse attack strategy, leveraging vulnerable services and remote management utilities for initial network access.

One attack method involved exploiting vulnerabilities in QConvergeConsole installations to deliver malware like Cobalt Strike, TrillClient, and backdoors like HemiGate and Crowdoor. Another more sophisticated approach saw the abuse of Microsoft Exchange servers to deploy the China Chopper web shell, facilitating the delivery of additional tools such as Zingdoor and Snappybee.

The threat actors also demonstrated the use of programs like NinjaCopy for credential extraction and PortScan for network discovery and mapping. Their strategic deployment of various backdoors, like Cryptmerlin and FuxosDoor, underscored their technical capabilities and adaptability in maintaining access within compromised environments.

Overall, the analysis of Salt Typhoon’s persistent tactics reveals a highly sophisticated threat actor with a deep understanding of target environments. By combining established tools with custom backdoors, the group created a multi-layered attack strategy that poses challenges for detection and mitigation efforts.

The situation underscores the continued threat posed by state-sponsored actors engaging in cyber espionage, highlighting the need for robust cybersecurity measures and ongoing vigilance to protect sensitive information and critical infrastructure.
