According to McAfee security researchers, the China-linked cyber-espionage organisation Mustang Panda is targeting telecommunications companies in Asia, Europe, and the United States for espionage purposes.
The threat actor, also known as RedDelta and TA416, has been linked to the targeting of individuals connected to diplomatic relations between the Vatican and the Chinese Communist Party, as well as some entities in Myanmar.
According to McAfee, the latest malware attacks use the same tactics, techniques, and procedures (TTPs) as Mustang Panda. The initial vector of infection has yet to be identified, but the researchers suspect that victims were lured to a fake website designed to look like Huawei’s official career site.
The first stage of the attack uses a fake Flash application and a phishing page that looks just like the original website, while the second stage uses a .NET payload to further infiltrate the system by installing and handling backdoors. As a third stage, a Cobalt Strike beacon payload is delivered.
The new attacks, known as Operation Diànxùn, were directed at telecommunications companies in Southeast Asia, Europe, and the United States. According to McAfee, the adversary is particularly interested in German, Vietnamese, and Indian telecommunications firms.
“Given the use of the fake Huawei website, we have high confidence that this campaign was targeted at the telecommunications industry. We have a modest degree of trust that the impetus behind this initiative is related to the global ban on Chinese technology in 5G deployment,” McAfee says.
According to the researchers, the campaign was aimed at stealing confidential or classified information related to 5G technology. According to McAfee, there is no evidence that Huawei was knowingly involved in the attacks.