Soft Cell Hackers Have New Targets

An espionage group is thought to be responsible for an international hacking campaign targeting global telecommunications companies for information and personal data of government officials, activists, and dissidents of interest to China. 

In a new development, the so-called “Operation Soft Cell” campaign has been observed targeting Middle East telecom providers since the beginning of 2023, and researchers at QGroup and SentinelOne have concluded that a Chinese threat actor has indeed conducted these attacks.

The new series of attacks is part of what SentinelOne researchers described as “Operation Tainted Love,” a cyber-espionage campaign exhibiting “a well-maintained, versioned credential theft capability” and a new dropper mechanism.

The threat actors begin the attacks by infiltrating Internet-facing Microsoft Exchange servers. These servers are then leveraged to deploy web shells for command execution. 

The campaign is centered around custom credential theft malware. “The initial attack phase involves infiltrating internet-facing Microsoft Exchange servers to deploy web shells used for command execution,” wrote SentinelOne senior threat researcher Aleksandar Milenkoski in an advisory published recently. 

“Once a foothold is established, the attackers conduct a variety of reconnaissance, credential theft, lateral movement and data exfiltration activities.” Milenkoski has highlighted that the deployment of custom credential theft malware is the main novelty of the new campaign, which relies on malware incorporating modifications to the code of the Mimikatz post-exploitation tool.

The campaign has not been attributed to a specific known threat actor despite the links to Operation Soft Cell. However, Chinese cyber espionage threat actors are known to have a strategic interest in the Middle East. This is evident from their consistent targeted attacks on various entities, including government, finance, entertainment, and telecommunication organisations. The recent activities targeting the telecommunication sector are the latest of such attacks.

Sources: SentinelOne; Sentinel Labs; Bank Info Security; Oodaloop; Infosecurity Magazine; Business Mondays; The Cyber Wire
