FlagThis

Chinese APT groups are actively targeting U.S. telecom providers and European healthcare organizations using sophisticated cyberattacks. The attacks involve custom malware, such as JumbledPath used by Salt Typhoon to spy on U.S. telecom networks, and the exploitation of vulnerabilities like the Check Point flaw (CVE-2024-24919). These campaigns are characterized by the deployment of advanced tools like ShadowPad and NailaoLocker ransomware, indicating a blend of espionage and financially-motivated cybercrime.

These threat actors gain initial access through exploited vulnerabilities, then move laterally within the networks using techniques like RDP to obtain elevated privileges. The attackers then deploy ShadowPad and PlugX, before deploying the NailaoLocker ransomware in the final stages, encrypting files and demanding Bitcoin payments. These findings highlight the evolving tactics of Chinese APT groups and the challenges in attributing these attacks, given the blurring lines between state-sponsored espionage and financially driven operations.

ImgSrc: www.bleepstatic.com

References:

• @bleepingcomputer.com - BleepingComputer - The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. tel - 18h
• @BleepingComputer - The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. tel - 18h
• Security Affairs - Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers - 18h
• www.bleepingcomputer.com - state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. - 18h
• The Hacker News - Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware - 13h
• @youranonriots - state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. - 11h
• @BleepingComputer - The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. tel - 10h
• @carlypage - state-sponsored hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. - 10h
• Blog - New Details: Salt Typhoon Used Leaked Creds in Telecom Attack - 4h
• SecureWorld News - Chinese cyber espionage group Salt Typhoon has made headlines in the last year, breaching major , including AT&T, Verizon, and Lumen Technologies. - 4h

Classification:

• HashTags: APT China Cybersecurity
• Target: Telecom & Healthcare
• Attacker: China-linked APT groups
• Product: Telecom & Healthcare
• Feature: Espionage
• Type: Espionage
• Severity: Major