Researchers Discover Three-Way Cyberattack by Chinese Military Actors against Southeast Asian Telcos

wiredmikey shares a report from SecurityWeek: Researchers have discovered three separate Chinese military-affiliated advanced threat groups simultaneously targeting and compromising the same Southeast Asian telcos. The attack groups concerned are Soft Cell, Naikon, and a third group, possibly Emissary Panda (also known as APT27)…

Cybereason released details of a triple-pronged attack by Chinese military-affiliated groups against cellular network providers in Southeast Asia. Disturbingly, Yonatan Striem-Amit, CTO and co-founder of Cybereason, told SecurityWeek, “We discovered and have evidence that Chinese advanced groups have been using the Hafnium zero-days since at least 2017.” Cellular networks are a prime target for nation states because they provide an excellent steppingstone to many other types of attack and different targets. “At this point,” said Striem-Amit, “the attacks seem to be a stepping point for a major espionage campaign. We all carry a device in our pocket that knows where we are, where we have been, and who we are with….”

The surprising feature, apart from their stealthy duration, is that three groups, all associated with the Chinese government and often sharing tactics, techniques and procedures, have attacked the same targets at the same time — and have even been seen on the same endpoints simultaneously. It is consequently unclear whether the groups were separately instructed to target telcos, or whether they were being guided from a single source within the Chinese military… The one thing that is clear is that telcos are a major target for China, and that it has had knowledge of and has used serious Exchange zero-day vulnerabilities for many years.