A cyber espionage campaign with tactics similar to those of Chinese groups is targeting telecom companies to steal sensitive and secret information related to 5G technology, according to cybersecurity firm McAfee.
The targets were primarily based in Southeast Asia, Europe, and the US. McAfee also identified the hackers’ interest in German, Vietnamese and Indian telecommunication companies.
“We believe with a moderate level of confidence that the motivation behind this specific campaign has to do with the ban of Chinese technology in the global 5G roll-out,” McAfee said in a report.
In the operation dubbed Diànxùn, victims were directed to a malicious phishing domain that was under the attackers’ control and was used to deliver malware.
The phishing website masquerades as Huawei’s career page to target people working in the telecommunications industry. To make the site look genuine, hackers have designed it to look like: hxxp://career.huawei.com.
Once an unsuspecting visitor opens the fake site, a malicious Flash application runs, and it is used to get onto the user’s machine and gain access to sensitive information.
McAfee noted that the attack used tactics similar to those of the Chinese groups RedDelta and Mustang Panda. Additionally, it identified multiple overlaps, including in tooling, network and operating methods, which suggest strong similarities between these attacks and those of RedDelta and Mustang Panda.
The anti-virus maker clarified that it found no evidence that Huawei was knowingly involved in this campaign. RedDelta has been spotted in the wild since 2020 targeting the Vatican and other religious organisations. In September last year, the group continued its activity using decoy documents related to Catholicism, Tibet-Ladakh relations and the United Nations General Assembly Security Council.