Unmasking Operation Soft Cell: The Persistent Chinese Cyber Espionage Campaign Targeting Middle East Telecoms

In the first quarter of 2023, telecom providers in the Middle East became the targets of a new cyber attack campaign conducted by a Chinese espionage actor. Attribution was made based on similarities in tooling overlaps to a known campaign dubbed “Operation Soft Cell.” This campaign has been ongoing for over a decade, with various espionage campaigns conducted against telecom providers globally.

Attribution of cyber attacks to a Chinese espionage actor

The intrusion set used in the Middle East was attributed to a Chinese espionage actor associated with Operation Soft Cell. The specific group is also known as Gallium and has traditionally targeted unpatched, internet-facing services. The latest campaign followed the same modus operandi with the goal of obtaining footholds within targeted telecom networks.

Methodology used by the threat actor during the attack

Once a foothold had been established, the attackers conducted various activities such as reconnaissance, credential theft, lateral movement, and data exfiltration. The attack was carried out with careful consideration to ensure maximum stealth and long-term access.

History of Operation Soft Cell targeting telecommunications providers

Operation Soft Cell has been running since at least 2012, primarily targeting telecom providers in Asia, Europe, Africa, and the Middle East. The main objective of the campaign is to access customers’ call records, messages, and other sensitive communication data. The group is known for stealing data and remaining undetected within systems for spans of up to five years.

Use of tools by the threat actor such as Mimikatz and PingPull

The Soft Cell threat actor utilized various tools, such as Mimikatz and PingPull, in its espionage campaigns. Mimikatz is a well-known credential theft tool used to obtain access to sensitive network resources. PingPull is a backdoor employed in a variety of campaigns with stealth capabilities that are difficult to detect. The use of these tools points to the advanced capabilities of the threat actor.

Focus on custom toolsets to maintain stealth

The central aspect of the recent campaign was the deployment of a custom variant of Mimikatz called mim221. This variant packed additional anti-detection features. The group also employed special-purpose modules that implemented advanced techniques, indicating their dedication towards weaponizing infrastructure to the fullest extent to avoid detection.

Detection and prevention of the attacks:

The recent cyber attacks in the Middle East were eventually thwarted, and no implants were deployed on the target networks. With increased awareness, threat intelligence, and early detection, defenders are better equipped to stop cyber attacks. Telecom providers should take a layered approach to security, including:

1. Keeping all software up-to-date,
2. Blocking unnecessary ports on firewalls,
3. Utilizing two-factor authentication,
4. Monitoring for unusual network activity,
5. Deploying enterprise antivirus and network security solutions.

Likelihood of continued upgrades to evade detection

The Soft Cell campaign has been ongoing for close to a decade, however, the group does not appear to be slowing down anytime soon. The group could explore upgrading its tools with new techniques for evading detection, which will make the work of the defenders even more challenging.

With the current cyberattacks on telecom providers, the importance of cybersecurity has been highlighted. The recent attack in the Middle East by a Chinese espionage actor is another pointer to the need for a layered approach to security. The fact that the recent attacks were foiled shows that when organizations have proper security protocols in place, even sophisticated cyber threats can be detected before irreparable damage occurs. Lessons should be learned from this attack, and stakeholders should be vigilant against future threats.

Explore more

Ethereum Eyes $1,800 as Buterin Unveils Lean Roadmap

Digital asset markets often react violently to technical shifts, but the recent strategic pivot outlined by Vitalik Buterin has sparked a more calculated sense of optimism across the global decentralized finance ecosystem. The Ethereum network is currently navigating a pivotal transition phase where the complexity of past upgrades is being replaced by a streamlined vision designed to reduce hardware requirements

AI Transforms the Frontline Employee Lifecycle

High turnover in retail and manufacturing industries is often the direct result of systemic failure and fragmented technology rather than individual performance or a lack of motivation. In environments where every minute spent off the floor impacts the bottom line, a worker who cannot access their schedule or find a safety manual quickly becomes a significant flight risk. This phenomenon,

Can Your Android Device Run a Full Linux Desktop?

The modern smartphone possesses more raw computational power than the professional workstations that once powered global space exploration, yet its potential remains confined within a mobile interface. Android, while built on the robust Linux kernel, serves as a specialized environment that prioritizes touch interaction and energy efficiency over the versatile multitasking capabilities found in a traditional desktop setup. This inherent

Can Windows 11 Cloud Rebuild Replace Your Recovery USB?

The sudden failure of a primary operating system often triggers an immediate scramble for physical media, yet the necessity for a bootable USB drive is increasingly being challenged by sophisticated network-based solutions. For years, the gold standard for system recovery involved manual intervention with external hardware, which frequently contained outdated builds of Windows that required hours of patching after a

Can UiPath’s AI Strategy Bridge Its Massive Growth Gap?

The enterprise automation landscape has reached a critical juncture where the traditional efficiency gains of robotic process automation are no longer sufficient to satisfy investors who demand hyper-growth fueled by generative artificial intelligence. While UiPath built its empire on the promise of delegating repetitive tasks to software bots, the rapid emergence of agentic AI has forced a fundamental redesign of