Researchers at Cybereason Nocturnus recently published a report disclosing three cyber espionage campaigns seeming to come from China targeting networks belonging to major telecommunications companies. The attackers are referred to as DeadRinger in the report and are believed to be working for Chinese state interests. The cybersecurity firm reported that the previously undisclosed campaigns focus on telecommunications companies in Southeast Asia. The firm also stated that the campaign bears some similarities to the SolarWinds and Kaseya attacks in how attackers secured access to their victims via a centralized vendor.
Cybereason stated that the attacks also boast overlaps in tactics and techniques with other known Chinese APTs. The campaign may have begun as early as 2017, according to the company. The second cluster has been linked to Chinese APT Naikon, while the first is believed to be operated by or under the Soft Cell APT. The former surfaced and begun attacking telcos in the last quarter of 2020, according to Cybereason. The attacks have continued up until now.
Read More: Chinese APTs strike major telecommunications companies