Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

GHOSTSPIDER Malware

The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.

Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed MASOL RAT (aka Backdr-NQ) on Linux systems belonging to Southeast Asian government networks.

In all, Earth Estries is estimated to have successfully compromised more than 20 entities spanning the telecommunications, technology, consulting, chemical, and transportation industries, as well as government agencies and non-profit organizations (NGOs).

Victims have been identified across over a dozen countries, including Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, the U.S., and Vietnam.

Earth Estries overlaps with clusters tracked by other cybersecurity vendors under the names FamousSparrow, GhostEmperor, Salt Typhoon, and UNC2286. It is said to have been active since at least 2020, leveraging a wide range of malware families to breach telecommunications and government entities in the U.S., the Asia-Pacific region, the Middle East, and South Africa.

According to a report from The Washington Post last week, the hacking group is believed to have penetrated more than a dozen telecom companies in the U.S. alone. As many as 150 victims have been identified and notified by the U.S. government.

The infection chain of DEMODEX rootkit

Some of the notable tools in its malware portfolio include the Demodex rootkit and Deed RAT (aka SNAPPYBEE), a suspected successor to ShadowPad, which has been widely used by several Chinese APT groups. Also put to use by the threat actor are backdoors and information stealers like Crowdoor, SparrowDoor, HemiGate, TrillClient, and Zingdoor.


Published on: November 28, 2024
