
Telcos subjected to China-linked cyberespionage campaign


Telecommunications providers in South Asia and Southeastern Europe have been targeted by China-linked threat operation UAT-7290, in cyberespionage attacks that involved extensive reconnaissance, reports The Hacker News.

Intrusions by UAT-7290, which overlaps with the other China-nexus groups RedFoxtrot and Stone Panda, primarily led to the deployment of a Linux-based malware suite consisting of the RushDrop dropper, or ChronosRAT, and the DriveSwitch malware, which facilitates subsequent delivery of the C++-based SilentRaid malware, also known as MystRodX, which in turn ensures persistence on targeted systems, according to an analysis from Cisco Talos researchers.

UAT-7290, which has also harnessed other China-linked Windows payloads, including ShadowPad and RedLeaves, also known as BUGJUICE, is also believed to have created Operational Relay Box (ORB) nodes. "The ORB infrastructure may then be used by other China-nexus actors in their malicious operations, signifying UAT-7290's dual role as an espionage-motivated threat actor as well as an initial access group," said researchers.
