Even as the world has its hands full with cyberattacks, a cyber-espionage campaign has emerged that demands our immediate attention.
Let us fill you in on the details.
The cyber espionage campaign called Operation Diànxùn is targeting telecom companies. The campaign has been attributed to the RedDelta threat actor, also known as TA416 and Mustang Panda, and its first activity was noticed in August 2020.
The Campaign –
- A fake Huawei careers website was leveraged by the threat actors to lure telecom employees and infect their systems with info stealers.
- The aim of this attack is to gain access to confidential information and spy on companies related to 5G technology.
- Telecom organizations based in the U.S., Europe, and Southeast Asia were the targets of this attack.
Related incidents over time –
Based on the TTPs gathered by researchers, the following attacks were attributed to the RedDelta threat actor.
- In early May 2020, activities pertaining to the RedDelta threat actors were observed. Their previous attack was launched against the Vatican and religious organizations.
- The group started to use decoy documents related to the UN General Assembly Security Council, Catholicism, and Tibet-Ladakh relations in September 2020.
- Network intrusion activities against two Hong Kong universities and the Myanmar government were then discovered.
Threat actors have been grabbing headlines for various reasons, and their attacks are noticeably getting more devious with each passing day. It is rumored that Operation Diànxùn may have come about because of the ban on Huawei in various countries. Notably, although the campaign has been attributed to RedDelta based on similar TTPs, no other evidence has been found pointing to that specific threat actor.