Skip to main content

Hackers pretended to be Huawei to try and steal 5G secrets

Fraud
(Image credit: Shutterstock / Sapann Design)

Researchers have identified an extensive cyberespionage campaign designed to exfiltrate sensitive data from telecoms companies worldwide.

According to the Advanced Threat Research (ATR) team at security company McAfee, attacks have been directed at telecoms firms in Europe, Southeast Asia and the US, likely with the goal of “stealing sensitive or secret information in relation to 5G technology”.

The campaign, named Operation Diànxùn, sees victims infected with malware that has been dressed up as Flash applications. This malware is then used to locate, gather and extract sensitive information stored on the infected network.

“While the initial vector for the infection is not entirely clear, we believe with a medium level of confidence that victims were lured to a domain under control of the threat actor,” explained McAfee in a blog post.

The domain in question, “hxxp://update.careerhuawei.net”, is designed to mimic the legitimate Huawei careers website, which is likely to be visited by members of the telecoms industry. McAfee was at pains to make clear that Huawei itself was not involved in the campaign.

Telecoms industry under attack

Although the identity of the operators is yet to be confirmed, McAfee claims the tactics, techniques and procedures (TTPs) on display are similar to those used by Chinese cybercriminal syndicates RedDelta and Mustang Panda.

Attacks linked with RedDelta were first spotted in the wild in May last year, targeting the Catholic Church and other religious organizations. The shared characteristics of attacks launched by RedDelta and Mustang Panda suggest the two groups may be one and the same, says McAfee.

The security firm believes “with a moderate level of confidence” that the recent attacks on telecoms companies have something to do with restrictions on the use of Chinese 5G equipment put in place by some countries, but offered no further explanation.

It is unclear how many of the 23 affected telecoms providers were successfully compromised as a result of the campaign.

To shield against cyberthreats of this kind, McAfee has advised businesses to employ a multi-layered approach, spanning web vector protection, signature and behavioral analysis, endpoint protection and more.