cloudstriada.blogg.se

Hopper disassembler for dynamic analysis












Due to their wide availability and the fundamental service they bring, telecommunications providers have become critical infrastructure for the majority of world powers. These telecommunications providers have been expanding in size, to the point where, in the past thirteen years, mobile cellular phone subscribers have quadrupled in size and sit at 8 billion subscribers today. In 2018, 30% of the telecommunications providers reported sensitive customer information was stolen due to an attack.

MAINTAINING A LONG-TERM FOOTHOLD AND STEALING DATA


INITIAL COMPROMISE: THE MODIFIED CHINA CHOPPER WEB SHELL

Proactively hunt in your environment for sensitive assets periodically.


The tools and TTPs used are commonly associated with Chinese threat actors.

During the persistent attack, the attackers worked in waves, abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques.

Security Recommendations

Add an additional security layer for web servers. For example, use WAF (Web Application FW) to prevent trivial attacks on Internet-facing web servers.

Expose as few systems or ports to the Internet as possible.

Make sure that all web servers and web services that are exposed are patched.

Use an EDR tool to give visibility and immediate response capabilities when high severity incidents are detected.


The threat actor was attempting to steal all data stored in Active Directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more. The attack was aiming to obtain CDR records of a large telecommunications provider.


Research by: Mor Levi, Assaf Dahan, and Amit Serper

EXECUTIVE SUMMARY

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, such as APT10. This multi-wave attack focused on obtaining data of specific, high-value targets and resulted in a complete takeover of the network.

Key Points

Earlier this year, Cybereason identified an advanced, persistent attack targeting telecommunications providers that has been underway for years, soon after deploying into the environment.

Cybereason spotted the attack and later supported the telecommunications provider through four more waves of the advanced persistent attack over the course of 6 months.

Based on the data available to us, Operation Soft Cell has been active since at least 2012, though some evidence suggests even earlier activity by the threat actor against telecommunications providers.











