Following the discovery of the Hafnium attacks targeting Microsoft Exchange vulnerabilities, the Cybereason Nocturnus and Incident Response teams hunted for various threat actors attempting similar techniques.
Earlier this year, the Cybereason Nocturnus Team identified clusters of intrusions targeting the telecommunications industry across Southeast Asia and identified three clusters of activity which were shown to have significant connections to known threat actors, all of which were suspected of operating on behalf of Chinese state interests.
Watch an exclusive webinar recording from the Cybereason Nocturnus Team on the results of the report: Who is behind multiple intrusions targeting Southeast Asian telcos?
This report, which comes hot on the heels of the US government’s public rebuke of China’s Ministry of State Security for the recent Hafnium attacks, reveals the goal of the attackers behind these latest intrusions in Southeast Asia and how they were able to facilitate cyber espionage by collecting sensitive information and compromising high-profile business assets.
Download this report to discover:
- How threat actors attempted to steal compromising, high-profile assets and sensitive information as Microsoft Exchange servers, domain controllers (DC) and billing systems.
- What connects the three clusters of intrusions identified in the investigation and how all groups were known to operate on behalf of Chinese state interests.
- Where overlaps between the intrusions among the clusters exist and how they potentially indicate a connection or collaboration between the different threat actors.