Cybereason has published a new report on a massive cyber espionage campaign that has targeted telcos around the globe since 2017. The researchers believe “Operation Soft Cell” is the work of APT10, a notorious hacking group with ties to China’s Ministry of State Security (MSS).
The campaign was carried out in waves. In the first stage, the attackers targeted Internet-facing servers “from which the attackers gathered information about the network and propagated across the network.” Subsequently, “the threat actor attempted to compromise critical assets, such as database servers, billing servers, and the active directory.” The attackers aborted their operations when their activity was detected. However, several months later they launched a second wave, which involved “similar infiltration attempts, along with […] reconnaissance activities.” After that, “a game of cat and mouse between the threat actor and the defenders began, as they ceased and resumed their attack two more times in the span of a four-month period.”