LightBasin

LightBasin, also called UNC1945 by Mandiant, is a suspected Chinese cyber espionage group that has been described as an advanced persistent threat targeting telecommunications companies.[1][2] They specialise in targeting Linux and Solaris systems.[1][2]

History

The LightBasin cyber espionage group has operated since 2016.[1][2] CrowdStrike say that they are based in China, though their exact location is not known.[1] They have targeted 13 telecoms operators.[2]

Targets

CrowdStrike says that the group is unusual in targeting the protocols and technology specific to telecoms operators.[1] Many of their tools are custom-built for the group rather than off the shelf.[1]

After compromising a system, they install a backdoor, known as SLAPSTICK, for the Solaris Pluggable Authentication Module (PAM).[2] They conceal the traffic between themselves and their command and control servers within GPRS Tunnelling Protocol (GTP) connections, using Secure Shell.[1]

CrowdStrike recommend that firewalls handling GPRS traffic be configured to limit access to DNS or GPRS Tunnelling Protocol traffic.[1]
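The concealment of SSH inside GTP connections described above is what a telecoms defender most needs to be able to see in the user plane. The following is an added example, not code from the article or from CrowdStrike: a small Python detector that strips the GTPv1-U header (including the optional sequence and extension-header fields), parses the inner IPv4 packet and flags tunnelled flows bound for TCP/22. The sample datagrams, TEID and addresses are constructed for illustration.

```python
import socket
import struct
GTP_G_PDU = 0xFF   # GTPv1-U message type that carries a tunnelled subscriber packet (T-PDU)
SSH_PORT = 22

def parse_ipv4(pkt):
    """Return (src, dst, proto, sport, dport) for an IPv4 TCP/UDP packet, else None."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < max(20, ihl + 4) or pkt[0] >> 4 != 4 or pkt[9] not in (6, 17):
        return None
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], sport, dport)

def parse_gtpu(datagram):
    """Strip a GTPv1-U header (flags, type, length, TEID, optional fields) and parse the inner IPv4 packet."""
    if len(datagram) < 8:
        return None
    flags, msg_type, length, _teid = struct.unpack("!BBHI", datagram[:8])
    if flags >> 5 != 1 or not flags & 0x10 or msg_type != GTP_G_PDU:
        return None                      # not GTPv1, not GTP (PT=0), or not a G-PDU
    offset = 8
    if flags & 0x07:                     # E, S or PN set: a 4-byte optional field follows
        offset += 4
        next_ext = datagram[offset - 1] if flags & 0x04 else 0
        while next_ext:                  # extension headers: first byte is length in 4-byte units
            ext_len = datagram[offset] * 4
            next_ext = datagram[offset + ext_len - 1]
            offset += ext_len
    return parse_ipv4(datagram[offset:8 + length])

def find_tunnelled_ssh(datagrams):
    """Flag inner flows bound for TCP/22: SSH hidden inside GTP-U user-plane tunnels."""
    flows = (parse_gtpu(d) for d in datagrams)
    return [f for f in flows if f and f[2] == 6 and f[4] == SSH_PORT]

def _ipv4(src, dst, proto, sport, dport):   # minimal IPv4 header + 20 bytes of L4 (constructed)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + struct.pack("!HH", sport, dport) + bytes(16)

def _gtpu(inner, seq=None):                  # wrap in GTP-U; S flag set when a sequence number is given
    opt = b"" if seq is None else struct.pack("!HBB", seq, 0, 0)   # seq, N-PDU number, next-ext type
    return struct.pack("!BBHI", 0x30 | (2 if opt else 0), GTP_G_PDU, len(opt) + len(inner), 0x1234) + opt + inner

SAMPLE = [  # constructed sample datagrams, not real captures
    _gtpu(_ipv4("10.20.0.5", "203.0.113.7", 17, 40000, 53)),          # subscriber DNS, benign
    _gtpu(_ipv4("10.20.0.9", "198.51.100.23", 6, 51000, 22), seq=7),  # SSH inside GTP-U: suspicious
    bytes.fromhex("320100040000000000010000"),                          # GTP-U echo request, not a G-PDU
]
```

Run `find_tunnelled_ssh(SAMPLE)` to see only the SSH-over-GTP flow reported; in production the same function would be fed UDP/2152 payloads taken from a capture on the GRX/roaming edge.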

References

  1. Nichols, Shaun (2021-10-20). "'LightBasin' hackers spent 5 years hiding on telco networks". TechTarget. Retrieved 2022-04-08.
  2. Ilascu, Ionut (2021-10-19). "LightBasin hacking group breaches 13 global telecoms in two years". Bleeping Computer. Retrieved 2022-04-08.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.