Sustained Campaign Using Chinese Espionage Tools Targets Telcos
June 20, 2024, 5:12 p.m.
Description
Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country in a long-running espionage campaign. The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials.
Date
Published: June 20, 2024, 4:46 p.m.
Created: June 20, 2024, 4:46 p.m.
Modified: June 20, 2024, 5:12 p.m.
Indicators
Attack Patterns
CoolClient
QuickHeal
RainyDay - S0629
T1571
T1210
T1592
T1056
T1003
Additional Information
Education
Telecommunications