1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • New Linux malware found targeting mobile networks across the worl

    From TechnologyDaily@1337:1/100 to All on Mon Mar 4 16:00:06 2024
    New Linux malware found targeting mobile networks across the world

    Date:
    Mon, 04 Mar 2024 15:52:43 +0000

    Description:
    A known Chinese group built a new backdoor to try and steal sensitive data from telecommunications firms.

    FULL STORY ======================================================================

    Threat actors have been targeting telecom operators across the world in a stealthy, sophisticated espionage campaign, new research has found.

    A report from BleepingComputer cites the findings of a security researcher with the alias HaxRob who found two versions of a previously unknown
    backdoor, uploaded to VirusTotal in late 2023. The backdoor is called
    GTPDOOR, and apparently, it targets a very old Red Hat Linux version, indicating an outdated target.

    The backdoor was said to be targeting SGSN, GGSN, and P-GW, systems which are adjacent to the GPRS roaming eXchange (GRX) service. These services can grant the attackers direct access to a telecoms core network which, in turn, would allow them to gather sensitive, private information. With the help of
    GTPDOOR, the attackers could set a new encryption key for C2 communications, write arbitrary data to a local file named system.conf, execute arbitrary shell commands and return the output back to the C2, specify which IP addresses can communicate with the compromised host, pull the ACL list, and finally, reset the malware . LightBasin returns

    The backdoors were largely undetected by antivirus engines, BleepingComputer notes.

    The researcher attributed the backdoor to LightBasin, allegedly a Chinese threat actor, also known as UNC1945. It was first spotted by cybersecurity researchers Mandiant, back in 2016 and has, since then, been observed targeting the telecommunications sector at a global scale.

    The group has in-depth knowledge of telecommunications network architecture, and protocols, it was said, and emulated some of them to steal highly
    specific information from mobile communication infrastructure (for example, subscriber information and call metadata).

    A report from late 2021, researchers from CrowdStrike said LightBasin managed to attack 13 global telecoms in two years.

    To defend against such attacks, the researchers agree, businesses should
    watch out for unusual raw socket activities, unexpected process names, and malware indicators such as duplicate syslog processes. More from TechRadar
    Pro Massive leak reveals extent of Chinas foreign hacking activities Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/new-linux-malware-found-targeting-mobil e-networks-across-the-world


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)