Our last story from the week details researchers who say China-linked APTs lure victims with bogus Huawei career pages, dubbed “Operation Dianxun.” Threatpost brings us more on this story.
Chinese-language APTs are targeting telecom companies in cyber espionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers.
“While the initial vector for the infection is not entirely clear. [We believe] with a medium level of confidence that victims were lured to a domain under control [a] the threat actor, from which they were infected with malware,” according to McAfee researchers in a Tuesday report.
Given the specific tactics used in this campaign, researchers surmised it to be the work of known Chinese-language APTs RedDelta and Mustang Panda. RedDelta was last believed to be behind cyber attacks against the Vatican and other Catholic Church-related institutions last year. In those attacks, adversaries leveraged spear phishing emails laced with malware that ultimately pushed the PlugX remote access tool (RAT) as the final payload.
Meanwhile, Mustang Panda has been linked to cyberespionage attacks on non-governmental organizations (NGOs) with a focus on gathering intelligence on Mongolia by using shared malware like Poison Ivy or PlugX. The group also is known to shift tactics and adopt new tools quickly, researchers have noted.
This time around, the groups seem focused on retrieving sensitive data and aiming to spy on companies related to 5G technology. The campaign is likely related to a number of countries’ decision to ban the use of Chinese equipment from Huawei in the global rollout of the next-generation wireless telecommunications technology.
This content was originally published here.