Soft Cell Hackers Have New Targets

Uploaded on 2023-04-18 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW

An espionage group is thought to be responsible for an international hacking campaign targeting global telecommunications companies for information and personal data of government officials, activists, and dissidents of interest to China. 

In a new development, the so called “Operation Soft Cell” campaign has been observed targeting Middle East telecom providers since the beginning of 2023 and researchers at  QGroup and SentinelOne have concluded that a Chinese threat actor has indeed conducted these attacks.

The new series of attacks are part of what SentinelOne researchers described as “Operation Tainted Love,” a cyber-espionage campaign exhibiting “a well-maintained, versioned credential theft capability” and a new dropper mechanism. 

The threat actors begin the attacks by infiltrating Internet-facing Microsoft Exchange servers. These servers are then leveraged to deploy web shells for command execution. 

The campaign is centered around custom credential theft malware. “The initial attack phase involves infiltrating internet-facing Microsoft Exchange servers to deploy web shells used for command execution,” wrote SentinelOne senior threat researcher Aleksandar Milenkoski in an advisory published recently. 

“Once a foothold is established, the attackers conduct a variety of reconnaissance, credential theft, lateral movement and data exfiltration activities.” Milenkoski has highlighted that the deployment of custom credential theft malware is the main novelty of the new campaign, which relies on malware incorporating modifications to the code of the Mimikatz post-exploitation tool 

The campaign has not been attributed to a specific known threat actor despite the links to Operation Soft Cell, however, Chinese cyber espionage threat actors are known to have a strategic interest in the Middle East. This is evident from their consistent targeted attacks on various entities, including government, finance, entertainment, and telecommunication organisations. The recent activities targeting the telecommunication sector are the latest of such attacks.

SentinelOne:    Sentinel Labs:    Bank Info Security:  Oodaloop:   

Infosecurity Magazine:      Business Mondays:     The Cyber Wire:

You Might Also Read: 

Significant Growth In State-Sponsored Cyber Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Israeli Hacking Spyware In Widespread Use
As A Business Leader, You Must Manage Cyber Risk  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

InfoSecurity Magazine

InfoSecurity Magazine

Infosecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

Data61

Data61

Data61 is Australia’s leading digital research network offering the research capabilities, IP and collaboration programs to unleash the country’s digital & data-driven potential.

Austrian Trust Circle

Austrian Trust Circle

Austrian Trust Circle is an initiative of CERT.at and the Austrian Federal Chancellery and consists of Security Information Exchanges in the areas of the strategic information infrastructure.

CyberProof

CyberProof

CyberProof aims to give clarity and confidence to businesses worldwide using a new risk-based approach to cyber security services.

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Sectra Communications

Sectra Communications

Sectra successfully develops and sells cutting-edge solutions in the expanding niche segments of medical IT and cybersecurity.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

Singular Security

Singular Security

Singular Security help public and private organizations minimize cybersecurity risk and pass their IT compliance audit.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

Creative ITC

Creative ITC

Creative ITC is a leading infrastructure and cloud enablement company. We design and deliver exceptional managed services and cloud solutions.