Using Huawei Careers page-lookalike site to lure other telcos’ employees
Suspected China-backed hackers are targeting telcos around the globe in an attempt to steal sensitive data, including 5G network information.
The cyber espionage campaign, dubbed Operation Dianxun by security firm McAfee, is actively going after telcos mostly located in Southeast Asia, Europe, and the United States.
At least 23 telcos have been targeted by the campaign, which appears to have been perpetrated by the China-backed group known as Mustang Panda or RedDelta, McAfee said. It has not yet identified any targets in Australia.
It is unclear how the hackers initially lure victims to their phishing website, McAfee noted.
But once there, the malicious site – designed to look like Huawei’s corporate careers page – delivers malware disguised as a legitimate Flash application to the victim’s machine.
Huawei itself is not involved in the campaign.
The malware then drops a backdoor that gives the hackers remote access to the computer.
The hackers appear to be targeting telco employees with specific knowledge of 5G technology, McAfee said.
The security firm suggested the group’s motivation could relate to decisions by a number of countries to ban the use of Chinese technology in the global 5G rollout.
Mustang Panda has long been linked to attacks that aim to further the Chinese government’s interests; it was recently claimed to be behind a campaign that targeted the Vatican and other Catholic organisations in Hong Kong and Italy. It has also previously targeted thinktanks and non-government organisations that have relationships with the Mongolian government.
Having strong endpoint security controls as well as an alert workforce can help protect networks from these kinds of attacks, McAfee said.