Cybereason Nocturnos has published a new report disclosing the discovery of three cyberespionage campaigns that have been targeting major telecommunications companies. The attackers are suspected to be working for “Chinese state interests” and have been tied to the name “DeadRinger”. The campaign have been ongoing in Southeast Asia, and have been specifically focused on telcos, similarly to the recent cases of SolarWinds and Kaseya.
Cybereason has found overlaps within the tactics and techniques used by other known Chinese APTs, and, therefore, believe these attacks can also be attributed to advanced persistent threat groups linked to Chinese state-sponsorships. The oldest example of the three campaigns dates back to 2017.