Sunday, April 13, 2025
HomeCyber Security NewsChinese Hackers Attacking Major Telecoms Using Sophisticated Hacking Tools

Chinese Hackers Attacking Major Telecoms Using Sophisticated Hacking Tools

Published on

SIEM as a Service

Follow Us on Google News

The security researchers of Cybereason Nocturnus have recently detected three malicious cyber-espionage campaigns that are targeting the major telecommunication companies all over SouthEast Asia.

According to the report, the analysts reported that they have found that in recent years the hackers have nearly targeted five major telecommunications providers in Southeast Asia. 

And this attack has affected tens of millions of customers as they have been hacked by three different Chinese hacking groups.

- Advertisement - Google News

After investigating the attack, the security experts have claimed that the malicious campaign, named as DeadRinger, has nearly targeted 5 major telecom companies in Southeast Asia. 

Moreover, the security experts have found that the attack was conducted by three cybercriminal APT groups that are associated with Chinese hackers. 

However, the main motive of the threat actors is to gain continuous access to telecommunication providers and by accumulating all the sensitive data to promote cyberespionage.

Apart from this, the analysts have also asserted that there are hacking groups that are associated with this attack, and all those groups have used various sophisticated methods, infrastructure, and toolsets to hack all the major telecommunications companies.

Linked Chinese Threat Actors

The first cyber operation is allegedly associated with APT Soft Cell, while the second operation called Naikon which is launched in late 2020, targeted telecommunications companies. 

Apart from this, the researchers suggest, Naikon may be associated with the military bureau of the People’s Liberation Army of China (PLA). 

While the third cyber operation was organized in 2017 by APT27 which is also known as Emissary Panda, and here the hackers used Nebulae backdoor to compromise Microsoft Exchange servers.

The threat actors that are involved in this cyber attack are mentioned below:-

  • Gallium (Soft Cell)
  • Naikon APT
  • TG-3390 (APT27, Emissary Panda)

Main Features of The Nebulae Backdoor

Here is the list of main features of the Nebulae backdoor:-

  • Reconnaissance and information gathering about infected hosts
  • File and process manipulation
  • Execution of arbitrary commands
  • Privilege escalation
  • C2 communications using raw sockets
  • RC4 data encryption for communication between the C2 and the target

The security researchers confirmed that the threat actors after the European Union, US, Britain, and many other countries have blamed China for sponsoring the extensive Microsoft hack.

The Chinese APT threat actors have used various methods in this attack, that included exploiting vulnerabilities in Microsoft Exchange Server, using Mimikatz to steal all the credentials, installing the China Chopper web shell, generating Cobalt Strike beacons and backdoors to correlate to the C&C server.

They have also noticed the presence of various hackers at the same endpoints at the same time, as all the groups were linked with the Chinese government. Not only this but the threat actors have regularly used similar tools with the same methods, and it also attacked the same targets at a similar time.

However, the researchers are still investigating, as it is not yet clear if the hacking groups are instructed to attack only the telecommunication companies, or if the attacks were conducted from a single source.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...

HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...