We have a new cyber espionage campaign on our plates and we are already stuffed to the gills with other cyberattacks. However, this campaign now demands our attention. So, let’s get on with it.

Diving into details

Dubbed Operation Diànxùn, this espionage campaign is targeting telecom companies. The first activity was observed in August 2020 and the campaign has been attributed to the RedDelta threat actor, also known as TA416 and Mustang Panda.

About the campaign

  • The threat actor leveraged a fake Huawei careers website to lure telecom employees and infect their systems with info stealers.
  • The purpose of the attack is to gain access to confidential information and spy on companies related to 5G technology.
  • Targets were based in the U.S., Europe, and Southeast Asia.

A pinch of history

  • Activities related to RedDelta were observed in early May 2020 and previous attacks were launched against the Vatican and religious organizations.
  • In September 2020, the group moved to using decoy documents related to the UN General Assembly Security Council, Catholicism, and Tibet-Ladakh relations.
  • This was followed by network intrusion activities against two Hong Kong universities and the Myanmar government.

Based on the TTPs gathered, the above activities have been attributed to TA416.

Stay safe

McAfee recommended building an “adaptive and integrated” security infrastructure that would help organizations avoid falling victim to such threats.

All things considered

Chinese APT groups have been in the news for quite some time now and their attacks are getting more devious with every passing day. It is believed that Operation Diànxùn could be the result of the ban of Huawei in various countries. It should be noted that although the campaign has been attributed to RedDelta based on similar TTPs, no other evidence has been found that points to that group.

Cyware Publisher