Report of Chinese hackers targeting Southeast Asia's telecom firms

Security firm Cybereason reported on Tuesday that it had detected three vicious cyberattacks, carried out on behalf of the Chinese state, targeting at least five of the biggest telecommunications firms in Southeast Asian countries.

Previously, following a similar cyberattack on the Microsoft Exchange email server, the U.S., Britain, and the European Union have repeatedly accused Beijing of state-sponsored espionage, expanding the list of cyber espionage operations linked to the Chinese government.

On Tuesday, Boston-based Cybereason released a report identifying three sets of attacks on the state’s telecom industry since 2017. The security firm linked these attacks to Chinese authorities, or to architects working hand in hand with Beijing.

“The goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunications providers and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets such as the billing servers that contain Call Detail Record (CDR) data, as well as key network components such as the Domain Controllers, Web Servers and Microsoft Exchange servers,” security researchers declared in an analysis published in the report.

In the report, Cybereason stated that the set of intrusions was connected to three major groups associated with China.

The first group is Operation Soft Cell, a worldwide campaign against communications providers. The second group is Naikon APT, a cyber espionage entity linked to the People’s Liberation Army, which was accused of targeting countries in the Association of Southeast Asian Nations.

The compelling part about the last group is its connection to the cyberattack Microsoft endured earlier this year; it functioned as an indirect entry to Microsoft’s Outlook Web Access. This group had “significant code similarities” to an old backdoor activity related to the Chinese threat known as “Group-3390.”

Beijing was swift to respond to the accusations, rejecting any allegation that the Chinese government had a role to play in these cyberattacks and declaring that the report is “nothing but another effort from Washington and its allies to conspire on the Chinese government.”

With major world powers throwing accusations at each other to prove their supremacy, cyberspace has become a battlefield between the U.S. and China. The subtle rise of the Chinese-U.S. tech cold war will leave cyber actors making their best efforts to protect their states’ security.