International cybersecurity experts have issued an urgent warning about a large-scale cyber espionage campaign that is heavily targeting telecom companies around the world. In these attacks, the hackers use malicious code to try to steal sensitive, important data, especially information about 5G technology, from compromised victims.
The campaign was first discovered by cybersecurity researchers at McAfee, and is currently targeting telecom service providers in Southeast Asia, Europe and the United States, areas considered hot spots for the current pace of 5G network infrastructure deployment. Through preliminary analysis, McAfee determined that the organization behind the attack was likely a hacker group from China. That is also why it was named Operation Mission.
The group McAfee suspects is Mustang Panda (also known as RedDelta). This group has a notorious record, having been named in many cyber-espionage and attack campaigns targeting agencies and organizations around the world, not limited to any one field. The fact that an experienced group like Mustang Panda has redirected its targeting to telecom providers is obviously a major concern.
According to preliminary statistics, at least 23 telecom service providers are suspected of having been targeted by the campaign, which began in August 2020. However, it is not clear how many targets have been successfully penetrated by the hackers.
Although the original mode of infection has not yet been determined, researchers have found a malicious phishing domain under the attackers' control that was used to spread the malware to victims.
According to researchers, the malicious website is disguised as a Huawei service website; Huawei supplies 5G equipment to many large telecommunications businesses. The site is so intricately designed that it is almost indistinguishable from the real one. McAfee stressed that Huawei itself is not involved in this cyber espionage campaign.
When a user visits the fake website, it serves a malicious Flash application that can be used to drop the Cobalt Strike backdoor onto the target system, ultimately giving the attackers visibility into the system and the ability to collect and steal sensitive information. The attacks appear to be designed to target people with knowledge of 5G and to steal sensitive or confidential information related to the technology.
There are quite a few similarities between Operation Diaspora and malicious activities previously conducted by Chinese hacker groups in general. The similarity lies in how the malware is deployed, in terms of tactics, techniques, and procedures (TTPs). Analysis of the attacks shows that the campaign is still actively trying to compromise targets in the telecom sector.
With malicious domains playing an important role in this campaign, the most effective way for businesses to protect themselves is to train employees and improve their knowledge and vigilance, so that they can recognize when they have landed on a fake or malicious website. This is easy to say but in practice very complicated, because cyber attackers have become very good at building highly accurate fake websites.
In addition, building a strong strategy to apply security updates and patches in a timely manner can also help protect businesses from cyber attacks proactively and effectively.