Summary: Unit 42 has revealed a newly identified cyberespionage campaign, tracked as CL-STA-0048, that primarily targets high-value organizations in South Asia, particularly a telecommunications company. The campaign, attributed to a nation-state actor likely linked to China, employed sophisticated tactics for intelligence gathering and data exfiltration. Using stealthy methods to circumvent security measures, the attackers systematically targeted vulnerabilities across various system infrastructure, including MSSQL servers, to access personal and sensitive information.
Affected: High-value organizations in South Asia, including a telecommunications company
Keypoints:
- The campaign CL-STA-0048 demonstrates advanced tactics, techniques, and procedures (TTPs), indicating a nation-state-backed actor.
- Attackers used stealthy data exfiltration methods, over DNS and with SQL tools, avoiding detection by traditional security monitoring.
- Evidence suggests ties between this campaign and known Chinese APT groups, including overlaps in malware variants and command-and-control infrastructure.
Source: https://securityonline.info/cl-sta-0048-chinese-linked-apt-targets-telecoms-in-south-asia/