Threat intelligence firm Mandiant has published research linking the state-sponsored advanced persistent threat group it tracks as APT45 to an ongoing exploitation campaign against telecommunications providers in Southeast Asia and Europe. The campaign exploits previously unknown (zero-day) vulnerabilities in network management software, the class of system that sits on the management plane and typically holds privileged credentials to the rest of the carrier's network.
After gaining initial access, the attackers deployed custom backdoors that intercept call detail records (CDRs) and SMS metadata. Mandiant assesses with high confidence that the campaign is aimed at intelligence collection rather than financial gain, citing the targeting pattern (subscriber metadata rather than billing or payment systems) and the operational tradecraft observed.
Affected vendors have been notified and are developing patches. In the interim, Mandiant has released indicators of compromise and detection signatures through its threat intelligence platform to help organizations identify potential intrusions. Because the vulnerabilities remain unpatched, published indicators should be treated as a floor rather than a complete defense: operators should also review network management hosts for unexpected outbound connections and for processes reading CDR or SMS data stores that have no business doing so, since a backdoor rebuilt to evade the released signatures would still need to perform those actions.