Sustained Campaign Using Chinese Espionage Tools Targets Telcos

June 20, 2024, 5:12 p.m.

Description

Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country in a long-running espionage campaign. The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials.

Date

  • Created: June 20, 2024, 4:46 p.m.
  • Published: June 20, 2024, 4:46 p.m.
  • Modified: June 20, 2024, 5:12 p.m.

Indicators


Attack Patterns

  • CoolClient
  • QuickHeal
  • RainyDay - S0629

Additional Information

  • Education
  • Telecommunications