Sustained Campaign Using Chinese Espionage Tools Targets Telcos

June 20, 2024, 5:12 p.m.

Description

Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country in a long-running espionage campaign. The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials.

Date

Published: June 20, 2024, 4:46 p.m.
Created: June 20, 2024, 4:46 p.m.
Modified: June 20, 2024, 5:12 p.m.

Indicators

Attack Patterns

CoolClient

QuickHeal

RainyDay - S0629

T1571

T1210

T1592

T1056

T1003

Additional Information

Education

Telecommunications