China-backed hackers target Telcos to compromise 5G-related data

Researchers at McAfee Advanced Threat Research have recently discovered an ongoing information-gathering campaign against telecommunication companies around the world. The researchers have dubbed the campaign “Operation Dianxun”; it targets telecommunications employees across western Europe, the United States, and Southeast Asia with the aim of gathering sensitive information and implanting spying tools within a company’s network. The McAfee researchers attribute the campaign to a China-based threat actor because its attack methods and techniques closely resemble those of the threat actors RedDelta and Mustang Panda, attackers known for targeting the Vatican and other Catholic organizations, and non-governmental organizations in Mongolia, respectively.

Read the complete McAfee report here.

The attackers used common social engineering tactics to deceive telecommunication employees into browsing to a fake domain, where the victim’s device would then be infected with malware designed to discover and collect data. The domain in question is believed to be a Huawei careers website, and the information the attackers were after seems to be focused around 5G technology.

Huawei makes an especially attractive brand to mimic, as it leads the world in 5G technology. The crafted pages are very convincing fakes, designed to look as legitimate as possible. They mimic the design of the real Huawei careers website (career.huawei.com) but sit on slightly different URLs, including “update.careerhuawei.net” and “update.huaweiyuncdn.com”. From there, the pages download a program designed to resemble an Adobe Flash installer. The installer first checks the victim’s location and the date before moving on to install reconnaissance software, backdoors, and other malicious payloads.

The motive behind the attack is not entirely clear, but some possible conclusions have been drawn. The United States and several western European governments have obstructed or halted the use of Huawei technology in their 5G networks out of fear that it might contain backdoors enabling espionage, and this is not the first time governments have leveled such claims against the telecommunications giant. However, at this time McAfee states there is no evidence indicating Huawei was directly involved in any of these attacks.

How to defend your organization?

McAfee believes organizations must take a multilayered security approach to face threats such as Mustang Panda and similar advanced persistent threat (APT) groups that continuously update their techniques and tooling. Organizations and employees must have strong security capabilities such as SSL decryption and regular URL reputation checks.
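A defender-side check for the lookalike-domain pattern described above, as an added example that is not from the McAfee report or this blog: it scans proxy log lines and flags hostnames that carry the impersonated brand label (or a one-character variant of it) outside the brand's legitimate registered domain, which catches both URLs quoted earlier. The log format, the allowlist and the sample lines are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Legitimate registered domain of the impersonated brand (career.huawei.com in the article);
# the lookalike hosts cited there sit under other registered domains.
BRAND = "huawei"
LEGIT_DOMAINS = {"huawei.com"}

def registered_domain(host):
    # Naive eTLD+1 (last two labels). Assumption: no multi-label public suffixes in the input.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    # Levenshtein distance; catches one-character typosquats of the brand label.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host):
    # Flag when any label contains the brand (or is within one edit of it)
    # while the registered domain is not one the brand actually owns.
    host = host.lower()
    if registered_domain(host) in LEGIT_DOMAINS:
        return False
    return any(BRAND in lab or edit_distance(lab, BRAND) <= 1 for lab in host.split("."))

def flag_proxy_log(lines):
    # Constructed log format: "<timestamp> <user> <url>". Returns (user, host) for lookalike hits.
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        host = urlsplit(parts[2]).hostname
        if host and is_lookalike(host):
            hits.append((parts[1], host))
    return hits

# Constructed sample proxy log; the two lookalike hosts are the ones named in the article.
SAMPLE_LOG = [
    "2021-03-16T09:12:01Z alice https://career.huawei.com/jobs",
    "2021-03-16T09:13:44Z bob https://update.careerhuawei.net/careers",
    "2021-03-16T09:14:10Z carol https://update.huaweiyuncdn.com/",
    "2021-03-16T09:15:02Z dave https://www.example.org/",
    "2021-03-16T09:16:30Z erin http://huawe.com/login",
]

if __name__ == "__main__":
    for user, host in flag_proxy_log(SAMPLE_LOG):
        print(f"lookalike host {host} visited by {user}")
```

In production the naive registered-domain logic should be replaced by a public-suffix-list lookup, and hits fed to the URL reputation checks the article recommends rather than blocked outright.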

Organizations should also have behavioral-analysis and signature-based capabilities to recognize threats to the organization’s endpoint environment. Especially crucial are controls for detecting and blocking communications between compromised systems and external command-and-control servers.

To fight threat actors like those behind Operation Diànxùn, organizations must build an integrated security environment that ensures a threat cannot spread if it does manage to break in.

For more news and updates, visit https://blog.excellimatrix.com/

