June 20, 2024 at 11:54AM
Symantec reports that telecommunications companies in an unnamed Asian country have been targeted by Chinese espionage groups since at least 2021. The campaign included the use of custom backdoors such as Coolclient, Quickheal, and Rainyday, which are associated with known Chinese state-sponsored threat actors. The motive, and the extent of any collaboration among the threat actors, remain unclear.
The Symantec report describes a long-running campaign targeting telecommunications companies in an unspecified Asian country with tools associated with Chinese espionage groups. The campaign has been active since at least 2021 and has targeted telecoms operators, a telco service provider, and a university in another country. The custom backdoors used in the campaign, such as Coolclient, Quickheal, and Rainyday, have been linked to known Chinese state-sponsored threat actors, some of which have been active for over a decade. The tools used in the campaign have strong associations with multiple Chinese groups, and at least three of the custom backdoors deployed are believed to be used exclusively by Chinese espionage actors. Symantec concludes that the ultimate motive of the intrusion campaign remains unclear; possible motives include gathering intelligence, eavesdropping, or attempting to build a disruptive capability against critical infrastructure.
Related to this, there have been reports of the highly evasive SquidLoader malware targeting China, of state-backed experts cracking Apple’s AirDrop, and of Meta fighting a sprawling Chinese ‘Spamouflage’ operation.