Internet paralysis: who is behind the large-scale hacking of telecom providers in the United States

Friend

New malware has been detected in the networks of the largest telecom operators.

A hacking group linked to the Chinese Communist Party has infiltrated the networks of a number of U.S. ISPs as part of a cyberespionage campaign to extract sensitive data. This was reported today, September 26, by The Wall Street Journal.

The reported malicious activity is associated with the Salt Typhoon group, also known as FamousSparrow and GhostEmperor. According to the publication, investigators are examining whether the attackers gained access to Cisco Systems routers, key network components through which a significant part of Internet traffic passes.

The goal of the attacks is to gain permanent access to victims' networks, which will allow hackers not only to collect sensitive information, but also to carry out destructive cyberattacks in the future.

GhostEmperor came to prominence in October 2021 when experts from Kaspersky Lab discovered the group's long-term operation in Southeast Asia. Hackers have used the Demodex malware to compromise targets in Malaysia, Thailand, Vietnam, Indonesia, as well as Egypt, Ethiopia, and Afghanistan.

In July 2024, Sygnia reported that one of its customers was affected by the group's actions in 2023. Hackers managed to penetrate the victim's business partner's networks, where they found compromised servers, workstations, and accounts, as well as tools for communicating with command and control servers. One of these tools turned out to be a new variant of Demodex.

The incident occurred shortly after the US government significantly disrupted the operation of the Raptor Train botnet, consisting of 260 thousand devices. This botnet is operated by another Chinese hacker group, Flax Typhoon.

The GhostEmperor case appears to be another attempt by Chinese state-owned hackers to target telecommunications companies, ISPs, and other key infrastructure in the U.S. and other countries.
