Cybereason analysts have found that in recent years, at least five major telecommunications service providers in Southeast Asia, serving tens of millions of customers, have been affected by the DeadRinger attack, which was carried out by at least three different Chinese hack groups.
At the moment, these attacks seem to be the starting point of a major spy campaign. We all carry a device in our pocket that knows where we are, where we were and with whom.the experts say.
The attacks detected are associated with three hack groups:
These groups have used different methods to hack the same telecommunications companies, and some of them have remained active on victims’ networks for years, with some of the hacks occurring as early as 2017.
All groups are associated with the Chinese government, and as often used similar tools and tactics and attacked the same targets at the same time. So, the presence of different hackers was noticed simultaneously at the same endpoints. However, it is unclear whether the attackers were instructed to attack telecommunications companies separately, or whether the attacks were coordinated from a single source.
Experts suggest that all these attacks could be related, but in an interview with journalists from The Record, they admitted that they do not yet have conclusive evidence of this theory:
Let me remind you that we talked about how Chinese hackers attacked Ragnarok Online Developers.