Research finds cyber-snoops working for 'Chinese state interests' lurking in SE Asian telco networks since 2017

Attack protection specialist Cybereason has fingered threat actors working on behalf of "Chinese state interests" as being behind attacks on telcos operating in Southeast Asia – with some having been prowling the penetrated networks for information on high-value targets since 2017. Cybereason's DeadRinger report, published …

  1. amanfromMars 1 Silver badge

    For the Comforting Peace of a Singularity which Accompanies Total Information Awareness

    Welcome to the Novel NEUKlearer HyperRadioProACTive IT Norm. Revealing Spaces with Safe Harbours for Deep Core Proprietary Intellectual Property Mining of Insecure Secrets.

    And something the General and chairman of the Joint Chiefs of Staff here is actively warning y'all to be prepared to be overwhelmed and defeated by ‽ .

    In the past was forewarned akin to being forearmed, however though, now in the future is that defence facility/ability/utility unavailable as a means for attack.

    And the General has the added burden of an uphill struggle to convince any who would care and/or really matter that he might actually know what he is talking about ...... as may y'all here of all that you have just read here in this post on El Reg.

  2. Anonymous Coward

    What's the smell?

    "We identified hundreds of gigabytes of data exfiltrated from the environment during our investigation. The threat actors were after high value targets, including business leaders, government officials, politicians, political activists, law enforcement officials, human rights activists, and anyone the Chinese government feels is of interest."

    If you actually had all that data, I think you'd sell it to the Chinese, NSO, Israel, USA, Nestle, Monsanto, Oil companies, and everyone else who would pay you big bucks for it.

    If only you could get SE Asian telcos to install surveillance software on their networks, then you could have that data!

  3. Potemkine! Silver badge

    Second, each organisation has its own security posture, relying on different security measures and tools put in place to protect the network

    Tools can protect from 1/3 of the threats. The main line of defence lies with the humans.

    From the report: "the exploitation of trusted security tools and especially anti-virus software is a very known tactic used by many threat actors". Security tools are used as backdoors... who can you trust? No one.

    Is there any parade except having a SOC, something many companies don't want to pay for?

    1. Pascal Monett Silver badge

      Is a SOC even enough when you're up against state-backed actors?

      1. Lotaresco

        "Is a SOC even enough when you're up against state-backed actors?"

        Not all SOCs are created equal. Some SOCs are certainly enough when up against state-sponsored actors. The rest of the network has to be appropriately engineered too. A SOC, of itself, isn't sufficient. Also the SOC team has to be on top of its game.

    2. Lotaresco

      "a SOC, something many companies don't want to pay for?"

      A client made me laugh a couple of years ago. They actually wanted a SOC, but balked at providing out of hours service because of the cost. They looked puzzled when I pointed out that even teenage hackers in the same country as the assets to be protected don't work office hours.

  4. Anonymous Coward

    Sniff test failed

    NSO Group (the Pegasus spyware that's popping up across the world on world leaders' computers, press, NGOs etc., latest being a French journalist):

    https://en.wikipedia.org/wiki/NSO_Group

    "NSO's founders are ex-members of Unit 8200, the Israeli Intelligence Corps unit responsible for collecting signals intelligence."

    Cybereason (the company in this article)

    https://en.wikipedia.org/wiki/Cybereason

    https://www.builtinboston.com/2016/12/01/cybereason-founding-story

    "Before launching Boston-based Cybereason, Lior Div was a member of Unit 8200, the famed Israeli intelligence group responsible for collecting signal intelligence and decrypting codes, much like the United States’ National Security Agency (NSA)."

    Both from the same Israeli military surveillance unit. Sniff test failed.

    1. Version 1.0 Silver badge

      Re: Sniff test failed

      I wonder if it works like this - the hackers email tons of messages that, when opened, grant access to the system. Then they look in the system to obtain internal details;

      PFY hacker: "Nothing political or secret in this system, it's just a corporation"

      PHB hacker: "OK install the malware"

Biting the hand that feeds IT © 1998–2021