Threat Actors from China Infiltrated a Major Afghan Telecom Provider

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Just as the US was completing its withdrawal from Afghanistan, several China-linked cyberespionage groups were seen intensifying attacks on a major telecom corporation. Recorded Future, a threat intelligence firm, reported on Tuesday that it has witnessed four different Chinese threat groups target a mail server belonging to Roshan, a large telecom provider in Afghanistan with over 6.5 million subscribers. 
According to Doug Madory, Director of Internet Analysis at Kentik and a veteran observer of worldwide traffic trends, “Roshan is one of the largest suppliers of Internet access to the people of Afghanistan” and a major source of online traffic in and out of the nation. 
Calypso and RedFoxtrot, as well as two different Winnti and PlugX activity clusters that Recorded Future researchers were unable to link to other known actors, carried out the attacks. The researchers believe it's not unusual for several Chinese groups to target the same server, as happened with the Roshan mail server, because these groups often have diverse intelligence requirements and don't coordinate their actions.
Some of the groups had been able to access the mail server for months, but the attacks seemed to pick up steam in August and September, just as US forces were leaving Afghanistan. During this time, the researchers noted an uptick in data exfiltration activity. 
Roshan was told of the compromises by Recorded Future before Insikt Group made the assaults public. A Chinese Embassy spokesperson described pinpointing the source of cyber assaults as a “difficult technological problem” in an email sent after the report was posted. 
[…]