A Chinese cyber-espionage group has shifted operations from targeting Vatican officials and Catholic organizations to telecom providers across Asia, Europe, and the US.

The group, known in the cybersecurity community as Mustang Panda or RedDelta, has been targeting employees of telecom companies since last fall, using them as a gateway into their organizations, with the end goal of stealing 5G-related information.

Chinese group targeted telco employees with job offers

According to a technical report published today by security firm McAfee and titled “Operation Diànxùn” [PDF], the Mustang Panda group primarily relied on luring telco employees to a malicious site masquerading as Huawei’s careers page.

The phishing site would ask users to install a Flash software update hosted on a malicious site, and this file would later download and install a .NET backdoor, which would communicate with the attacker’s remote infrastructure via a Cobalt Strike beacon.

McAfee said the point of these attacks was to gain a foothold on telcos’ internal networks.

“We believe that this espionage campaign is aimed at stealing sensitive or secret information in relation to 5G technology,” the company said today.

Attacks were observed against telcos in Southeast Asia, Europe, and the US; however, McAfee said it observed the group also showing “strong interest in German, Vietnamese, and India telecommunication companies.”

Source: Chinese cyberspies go after telco providers, 5G secrets