How hackers are targeting telcos to steal 5G secrets

Using Huawei Careers page-lookalike site to lure other telcos’ employees

Suspected China-backed hackers are targeting telcos around the globe in an attempt to steal sensitive data, including 5G network information.

The cyber espionage campaign, dubbed Operation Dianxun by security firm McAfee, is actively going after telcos mostly located in Southeast Asia, Europe, and the United States.

At least 23 telcos have been targeted by the campaign, which appears to have been perpetrated by the China-backed group known as Mustang Panda or RedDelta, McAfee said. It has not yet identified any targets in Australia.

It is unclear how the hackers initially lure victims to their phishing website, McAfee noted.

But once there, the malicious site – designed to look like Huawei’s corporate careers page – delivers malware disguised as a legitimate Flash application to the victim’s machine.

Huawei itself is not involved in the campaign.

The malware then drops a backdoor that gives the hackers remote access to the computer.

The hackers appear to be targeting telco employees with specific knowledge of 5G technology, McAfee said.

The security firm suggested the group’s motivation could relate to decisions by a number of countries to ban the use of Chinese technology in the global 5G rollout.

Mustang Panda has long been linked to attacks that aim to further the Chinese government’s interests; it was recently claimed to be behind a campaign that targeted the Vatican and other Catholic organisations in Hong Kong and Italy. It has also previously targeted thinktanks and non-government organisations that have relationships with the Mongolian government.

Having strong endpoint security controls as well as an alert workforce can help protect networks from these kinds of attacks, McAfee said.

Ahmed Khanji


Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.
