Hackers pretended to be Huawei to try and steal 5G secrets
Attackers spoofed a Huawei website to steal information linked with 5G technology
Researchers have identified an extensive cyberespionage campaign designed to exfiltrate sensitive data from telecoms companies worldwide.
According to the Advanced Threat Research (ATR) team at security company McAfee, attacks have been directed at telecoms firms in Europe, Southeast Asia and the US, likely with the goal of “stealing sensitive or secret information in relation to 5G technology”.
The campaign, named Operation Diànxùn, sees victims infected with malware that has been dressed up as Flash applications. This malware is then used to locate, gather and extract sensitive information stored on the infected network.
“While the initial vector for the infection is not entirely clear, we believe with a medium level of confidence that victims were lured to a domain under control of the threat actor,” explained McAfee in a blog post.
The domain in question, “hxxp://update.careerhuawei.net”, is designed to mimic the legitimate Huawei careers website, which is likely to be visited by members of the telecoms industry. McAfee was at pains to make clear that Huawei itself was not involved in the campaign.
Telecoms industry under attack
Although the identity of the operators is yet to be confirmed, McAfee claims the tactics, techniques and procedures (TTPs) on display are similar to those used by Chinese cybercriminal syndicates RedDelta and Mustang Panda.
Attacks linked with RedDelta were first spotted in the wild in May last year, targeting the Catholic Church and other religious organizations. The shared characteristics of attacks launched by RedDelta and Mustang Panda suggest the two groups may be one and the same, says McAfee.
The security firm believes “with a moderate level of confidence” that the recent attacks on telecoms companies have something to do with restrictions on the use of Chinese 5G equipment put in place by some countries, but offered no further explanation.
It is unclear how many of the 23 affected telecoms providers were successfully compromised as a result of the campaign.
To shield against cyberthreats of this kind, McAfee has advised businesses to employ a multi-layered approach, spanning web vector protection, signature and behavioral analysis, endpoint protection and more.
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.