Soft Cell Hackers Have New Targets
An espionage group is thought to be responsible for an international hacking campaign targeting global telecommunications companies for information and personal data of government officials, activists, and dissidents of interest to China.
In a new development, the so called “Operation Soft Cell” campaign has been observed targeting Middle East telecom providers since the beginning of 2023 and researchers at QGroup and SentinelOne have concluded that a Chinese threat actor has indeed conducted these attacks.
The new series of attacks are part of what SentinelOne researchers described as “Operation Tainted Love,” a cyber-espionage campaign exhibiting “a well-maintained, versioned credential theft capability” and a new dropper mechanism.
The threat actors begin the attacks by infiltrating Internet-facing Microsoft Exchange servers. These servers are then leveraged to deploy web shells for command execution.
The campaign is centered around custom credential theft malware. “The initial attack phase involves infiltrating internet-facing Microsoft Exchange servers to deploy web shells used for command execution,” wrote SentinelOne senior threat researcher Aleksandar Milenkoski in an advisory published recently.
“Once a foothold is established, the attackers conduct a variety of reconnaissance, credential theft, lateral movement and data exfiltration activities.” Milenkoski has highlighted that the deployment of custom credential theft malware is the main novelty of the new campaign, which relies on malware incorporating modifications to the code of the Mimikatz post-exploitation tool
The campaign has not been attributed to a specific known threat actor despite the links to Operation Soft Cell, however, Chinese cyber espionage threat actors are known to have a strategic interest in the Middle East. This is evident from their consistent targeted attacks on various entities, including government, finance, entertainment, and telecommunication organisations. The recent activities targeting the telecommunication sector are the latest of such attacks.
SentinelOne: Sentinel Labs: Bank Info Security: Oodaloop:
Infosecurity Magazine: Business Mondays: The Cyber Wire:
You Might Also Read:
Significant Growth In State-Sponsored Cyber Attacks:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible