Unmasking Operation Soft Cell: The Persistent Chinese Cyber Espionage Campaign Targeting Middle East Telecoms

In the first quarter of 2023, telecom providers in the Middle East became the targets of a new cyber attack campaign conducted by a Chinese espionage actor. Attribution was made based on similarities in tooling overlaps to a known campaign dubbed “Operation Soft Cell.” This campaign has been ongoing for over a decade, with various espionage campaigns conducted against telecom providers globally.

Attribution of cyber attacks to a Chinese espionage actor

The intrusion set used in the Middle East was attributed to a Chinese espionage actor associated with Operation Soft Cell. The specific group is also known as Gallium and has traditionally targeted unpatched, internet-facing services. The latest campaign followed the same modus operandi with the goal of obtaining footholds within targeted telecom networks.

Methodology used by the threat actor during the attack

Once a foothold had been established, the attackers conducted various activities such as reconnaissance, credential theft, lateral movement, and data exfiltration. The attack was carried out with careful consideration to ensure maximum stealth and long-term access.

History of Operation Soft Cell targeting telecommunications providers

Operation Soft Cell has been running since at least 2012, primarily targeting telecom providers in Asia, Europe, Africa, and the Middle East. The main objective of the campaign is to access customers’ call records, messages, and other sensitive communication data. The group is known for stealing data and remaining undetected within systems for spans of up to five years.

Use of tools by the threat actor such as Mimikatz and PingPull

The Soft Cell threat actor utilized various tools, such as Mimikatz and PingPull, in its espionage campaigns. Mimikatz is a well-known credential theft tool used to obtain access to sensitive network resources. PingPull is a backdoor employed in a variety of campaigns with stealth capabilities that are difficult to detect. The use of these tools points to the advanced capabilities of the threat actor.

Focus on custom toolsets to maintain stealth

The central aspect of the recent campaign was the deployment of a custom variant of Mimikatz called mim221. This variant packed additional anti-detection features. The group also employed special-purpose modules that implemented advanced techniques, indicating their dedication towards weaponizing infrastructure to the fullest extent to avoid detection.

Detection and prevention of the attacks:

The recent cyber attacks in the Middle East were eventually thwarted, and no implants were deployed on the target networks. With increased awareness, threat intelligence, and early detection, defenders are better equipped to stop cyber attacks. Telecom providers should take a layered approach to security, including:

1. Keeping all software up-to-date,
2. Blocking unnecessary ports on firewalls,
3. Utilizing two-factor authentication,
4. Monitoring for unusual network activity,
5. Deploying enterprise antivirus and network security solutions.

Likelihood of continued upgrades to evade detection

The Soft Cell campaign has been ongoing for close to a decade, however, the group does not appear to be slowing down anytime soon. The group could explore upgrading its tools with new techniques for evading detection, which will make the work of the defenders even more challenging.

With the current cyberattacks on telecom providers, the importance of cybersecurity has been highlighted. The recent attack in the Middle East by a Chinese espionage actor is another pointer to the need for a layered approach to security. The fact that the recent attacks were foiled shows that when organizations have proper security protocols in place, even sophisticated cyber threats can be detected before irreparable damage occurs. Lessons should be learned from this attack, and stakeholders should be vigilant against future threats.

Explore more

Companies Can Prevent Bad AI Hires by Measuring True Fluency

Organizations across the global marketplace are currently grappling with an unprecedented urgency to demonstrate sophisticated artificial intelligence capabilities to their demanding boards and expectant investors. This intense pressure has transformed AI fluency from a specialized technical niche into a mandatory prerequisite for nearly ninety-five percent of organizations operating today. However, the rush to secure talent has led to a paradoxical

Can RPA Balance Healthcare Efficiency With Patient Care?

The modern medical landscape is currently defined by a paradoxical struggle where advanced clinical innovations are often overshadowed by the sheer volume of clerical work required to sustain them. Doctors today spend a staggering amount of their shifts staring at glowing screens rather than engaging with the human beings sitting in the examination rooms. When a physician spends more time

How Is BlackRock Dominating the Tokenized Asset Market?

BlackRock’s strategic deployment of the USD Institutional Digital Liquidity Fund has fundamentally reshaped the landscape of global finance by successfully bridging the gap between traditional banking and decentralized ledgers. This initiative, widely recognized as BUIDL, represents a pivot from the speculative nature of early cryptocurrency markets toward the practical utility of high-grade financial instruments. By 2026, the institutional narrative has

How Can Lagos State Combat Workplace Harassment?

The rapidly evolving commercial landscape of Lagos State, often characterized by its relentless pace and high-stakes corporate environment, currently faces a critical reckoning as reports of workplace harassment continue to surface across various sectors. This phenomenon is not merely a social grievance but a significant barrier to economic productivity and employee retention in Africa’s largest subnational economy. As the city

Microsoft Refines Windows 11 Design With K2 Initiative

The traditional desktop environment is undergoing a fundamental transformation as Microsoft addresses long-standing visual inconsistencies through its ambitious internal project known as the K2 Initiative. This effort represents a significant shift from the piecemeal updates seen in previous years toward a holistic overhaul of the operating system’s aesthetic and functional layers. By prioritizing a more cohesive user experience, developers worked