{
  "name": "Sustained Campaign Using Chinese Espionage Tools Targets Telcos",
  "slug": "sustained-campaign-using-chinese-espionage-tools-targets-telcos",
  "description": "Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country in a long-running espionage campaign. The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials.",
  "published": "2024-06-20T14:46:25+00:00",
  "created_at": "2024-06-20T14:46:25+00:00",
  "modified_at": "2024-06-20T15:12:51+00:00",
  "created_at_opencti": "2024-06-20T14:46:25+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-06-20",
    "backdoor",
    "coolclient",
    "credential-theft",
    "espionage",
    "keylogger",
    "quickheal",
    "rainyday",
    "responder",
    "telecommunications"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "65.20.76.211"
      },
      {
        "id": "",
        "name": "65.20.73.72"
      },
      {
        "id": "",
        "name": "65.20.82.212"
      },
      {
        "id": "",
        "name": "65.20.70.110"
      },
      {
        "id": "",
        "name": "65.20.69.80"
      },
      {
        "id": "",
        "name": "65.20.66.214"
      },
      {
        "id": "",
        "name": "49.204.77.162"
      },
      {
        "id": "",
        "name": "65.20.66.128"
      },
      {
        "id": "",
        "name": "206.189.136.180"
      },
      {
        "id": "",
        "name": "43.152.200.62"
      },
      {
        "id": "",
        "name": "38.60.254.243"
      },
      {
        "id": "",
        "name": "157.245.107.16"
      },
      {
        "id": "",
        "name": "159.89.170.164"
      },
      {
        "id": "",
        "name": "159.65.158.28"
      },
      {
        "id": "",
        "name": "143.110.244.132"
      },
      {
        "id": "",
        "name": "143.110.250.11"
      },
      {
        "id": "",
        "name": "146.190.18.167"
      },
      {
        "id": "",
        "name": "142.93.223.200"
      },
      {
        "id": "",
        "name": "14.161.4.152"
      },
      {
        "id": "",
        "name": "139.84.163.162"
      },
      {
        "id": "",
        "name": "139.84.166.131"
      },
      {
        "id": "",
        "name": "139.84.165.248"
      },
      {
        "id": "",
        "name": "139.59.37.50"
      },
      {
        "id": "",
        "name": "139.84.130.178"
      },
      {
        "id": "",
        "name": "139.84.137.139"
      },
      {
        "id": "",
        "name": "134.209.156.5"
      },
      {
        "id": "",
        "name": "139.59.35.77"
      },
      {
        "id": "",
        "name": "134.209.147.60"
      },
      {
        "id": "",
        "name": "113.160.186.153"
      },
      {
        "id": "",
        "name": "117.2.82.149"
      },
      {
        "id": "",
        "name": "65.60.14.246"
      },
      {
        "id": "",
        "name": "206.189.140.171"
      },
      {
        "id": "",
        "name": "115.79.207.240"
      },
      {
        "id": "",
        "name": "203.159.95.197"
      },
      {
        "id": "",
        "name": "110.34.166.198"
      },
      {
        "id": "",
        "name": "103.180.161.123"
      },
      {
        "id": "",
        "name": "f45dabd683795f099a40553e5d85c9bc8a15bb964c992b45cec48c620ff78fdb"
      },
      {
        "id": "",
        "name": "e32c5e6d70895f0d071f420b7ff28c6fe0eaf2c08eeebe39122b3b1fd1981473"
      },
      {
        "id": "",
        "name": "dc9a12574f8c3b5bed6043b1cd3fd43672779d132c864bb22ae8b0a5dee24576"
      },
      {
        "id": "",
        "name": "c61daa0df88a33387b94b22bfc0b68d1211a57357aff401613c07832b5192fc0"
      },
      {
        "id": "",
        "name": "c348eba51897fbd55ca3ffdaab21259b8f73688e6e008b923ebc597c6272d2d9"
      },
      {
        "id": "",
        "name": "6ad67d7f76986359865667bdd51ba267f6bd7e560270512074448dd7b088bcb7"
      },
      {
        "id": "",
        "name": "6a5fdbe9579b69d4a5e1f6930145debd5adb2a9f93dd052bfb442cbd0141277b"
      },
      {
        "id": "",
        "name": "4c136270ca4c17edb77985aca570e291fa77abaaa48761f85e184892089164a6"
      },
      {
        "id": "",
        "name": "3aae73ff8ff5973c74af5a7991ca6a57ce797b7b775e1358efd9d76b67b5797b"
      },
      {
        "id": "",
        "name": "1906e7d5a745a364c91f5e230e16e1566721ace1183a57e8d25ff437664c7d02"
      },
      {
        "id": "",
        "name": "089809e73354648b3caed7db6bc24dcce4f2ef0f327206fd14f36c6619d9ed30"
      }
    ],
    "malware": [
      {
        "id": "316f008f-d739-4911-8eb6-ff5c3bfa7657",
        "name": "CoolClient",
        "slug": "coolclient"
      },
      {
        "id": "5177dfdb-d3bb-406f-aa53-fb962704dacf",
        "name": "QuickHeal",
        "slug": "quickheal"
      },
      {
        "id": "legacy:malware:2718baf0148eb1c8",
        "name": "RainyDay - S0629",
        "slug": "rainyday-s0629"
      }
    ],
    "attack_patterns": [
      {
        "id": "16e26db7-7376-40c1-b8a9-23d56c44f7ee",
        "name": "T1571"
      },
      {
        "id": "820fbdf8-7db2-4292-9a60-7eed3567be8d",
        "name": "T1210"
      },
      {
        "id": "29f7ff93-033b-4f8d-8691-5bcaa438c80f",
        "name": "T1592"
      },
      {
        "id": "0b2b1ecd-d52e-492a-af08-050954bc03e5",
        "name": "T1056"
      },
      {
        "id": "74d6e294-54d1-4a21-9dfc-df5870f8ec8e",
        "name": "T1003"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Education"
      },
      {
        "id": "",
        "name": "Telecommunications"
      }
    ]
  },
  "external_refs": [
    "https://symantec-enterprise-blogs.security.com/threat-intelligence/telecoms-espionage-asia",
    "https://otx.alienvault.com/pulse/66745ce26e18f22c7bd7cddc"
  ]
}