Intelligent CIO APAC Issue 16 - Page 55

• Microsoft Exchange vulnerabilities exploited: Similar to the HAFNIUM attacks, the threat actors exploited recently disclosed vulnerabilities in Microsoft Exchange Servers to gain access to the targeted networks. They then proceeded to compromise critical network assets such as Domain Controllers (DC) and billing systems which contain highly sensitive information like Call Detail Record (CDR) data, allowing them access to the sensitive communications of anyone using the affected telecoms’ services.
• High value espionage targets: Based on previous findings from the Operation Soft Cell Report Cybereason published in 2019, as well as other published analysis of operations conducted by these threat actors, it is assessed that the telecoms were compromised in order to facilitate espionage against select targets. These targets are likely to include corporations, political figures, government officials, law enforcement agencies, political activists and dissident factions of interest to the Chinese government.
• Operating in the interest of China: Three distinct clusters of attacks have varying degrees of connection to APT groups Soft Cell, Naikon and Group-3390 – all known to operate in the interest of the Chinese government. Overlaps in attacker TTPs across the clusters are evidence of a likely connection between the threat actors, supporting the assessment that each group was tasked with parallel objectives in monitoring the communications of specific high value targets under the direction of a centralized co-ordinating body aligned with Chinese state interests.
• Potential for broader impact: These attacks compromised telcos primarily in ASEAN countries, but the attacks could be replicated against telcos in other regions. While the prevailing assessment is that the operations were intended for espionage purposes only, the fact remains that had the attackers decided to change their objectives from espionage to interference, they would have had the ability to disrupt communications for any of the affected telecoms’ customers.
Cybereason CEO and Cofounder Lior Div