Operation Tainted Love

Operation Tainted Love: Middle East on Strike Again By Chinese Cyber Threat Actors


A new cyberespionage campaign, tracked as “Operation Tainted Love”, was carried out by a suspected Chinese threat actor against telecommunication providers in the Middle East in the first quarter of 2023.

The intrusions were detected and investigated by SentinelOne’s SentinelLabs, which identified an upgraded toolset linked to the previously documented Operation Soft Cell. There are indications that the attackers are associated with a Chinese cyberespionage group, but precise attribution has not been established.

Attack chain

Initial access came through web shells deployed on internet-facing Microsoft Exchange servers, which the attackers used to execute commands on the hosts.

  • From that foothold the attackers carried out reconnaissance, lateral movement, credential theft and data exfiltration.
  • The intrusions rely heavily on mim221, a custom credential-theft tool built from modified Mimikatz components and wrapped in anti-detection features.
  • mim221 is actively maintained and updated, which shows the attackers’ continued investment in keeping their toolset hard to detect.
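The chain above (web shell on an internet-facing Exchange/IIS server, commands executed through it, Mimikatz-style credential theft from LSASS) leaves three observable traces that a defender can hunt for. The script below is an added example, not code from this article or from SentinelLabs’ report: it parses an IIS W3C log with its own `#Fields` header and flags POSTs to `.aspx` resources outside a baseline, flags Sysmon process-creation events where the IIS worker `w3wp.exe` spawns a shell, and flags Sysmon event 10 handles opened on `lsass.exe` with read access by anything outside an allowlist. The log lines, Sysmon events, the `BASELINE_ASPX` set and the `LSASS_READERS_ALLOWED` allowlist are all constructed for the example and are not indicators from the campaign.

```python
"""Detection heuristics for a web-shell-to-credential-theft chain on an
Exchange/IIS host.  Added example; all sample data below is constructed."""
from typing import Dict, List

# Constructed IIS W3C log excerpt using the default logging field template.
IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-01-15 03:12:01 10.0.0.5 GET /owa/auth/logon.aspx url=https://mail.example.test/owa/ 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 120
2023-01-15 03:12:09 10.0.0.5 POST /owa/auth/logon.aspx - 443 - 198.51.100.7 Mozilla/5.0 - 302 0 0 88
2023-01-15 03:14:31 10.0.0.5 POST /aspnet_client/system_web/css.aspx - 443 - 203.0.113.9 python-requests/2.28 - 200 0 0 410
"""

# Hypothetical baseline of .aspx resources that legitimately accept POSTs.
# In practice, generate it from a known-clean server of the same Exchange build.
BASELINE_ASPX = {"/owa/auth/logon.aspx", "/ecp/default.aspx"}

# Constructed Sysmon events (field names as Sysmon emits them, values invented).
PROCESS_EVENTS: List[Dict[str, str]] = [
    {"EventID": "1", "Image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r'c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool"'},
    {"EventID": "1", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "CommandLine": r'cmd.exe /c "whoami /all"'},
    {"EventID": "10", "SourceImage": r"C:\Users\Public\svc.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": "10", "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
]

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
# Hypothetical allowlist of security products that legitimately open LSASS.
LSASS_READERS_ALLOWED = {r"c:\program files\windows defender\msmpeng.exe"}


def parse_iis_log(text: str) -> List[Dict[str, str]]:
    """Parse W3C-format IIS log text, taking the column names from #Fields."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = line.split()  # IIS encodes spaces inside a field as '+'
            if len(values) != len(fields):
                continue  # malformed line, or no #Fields header seen yet
            records.append(dict(zip(fields, values)))
    return records


def find_unbaselined_aspx_posts(records, baseline) -> List[Dict[str, str]]:
    """POSTs to .aspx resources outside the baseline: candidate web shells."""
    known = {b.lower() for b in baseline}
    return [r for r in records
            if r["cs-method"] == "POST"
            and r["cs-uri-stem"].lower().endswith(".aspx")
            and r["cs-uri-stem"].lower() not in known]


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def find_web_worker_spawned_shells(events) -> List[Dict[str, str]]:
    """Sysmon 1: a shell whose parent is the IIS worker process (w3wp.exe)."""
    return [e for e in events
            if e.get("EventID") == "1"
            and basename(e.get("ParentImage", "")) == "w3wp.exe"
            and basename(e.get("Image", "")) in SHELLS]


def find_lsass_access(events, allowed=LSASS_READERS_ALLOWED) -> List[Dict[str, str]]:
    """Sysmon 10: a non-allowlisted process opening LSASS with PROCESS_VM_READ
    (0x0010), the right a Mimikatz-style credential dumper needs."""
    hits = []
    for e in events:
        if e.get("EventID") != "10" or basename(e.get("TargetImage", "")) != "lsass.exe":
            continue
        if e.get("SourceImage", "").lower() in allowed:
            continue
        if int(e.get("GrantedAccess", "0"), 16) & 0x0010:
            hits.append(e)
    return hits


def run() -> Dict[str, int]:
    """Apply all three heuristics to the constructed samples; return hit counts."""
    return {
        "web_shell_posts": len(find_unbaselined_aspx_posts(parse_iis_log(IIS_LOG), BASELINE_ASPX)),
        "w3wp_shells": len(find_web_worker_spawned_shells(PROCESS_EVENTS)),
        "lsass_reads": len(find_lsass_access(PROCESS_EVENTS)),
    }


if __name__ == "__main__":
    for name, count in run().items():
        print(f"{name}: {count}")
```

Two caveats apply when running this against real hosts. The `.aspx` baseline only catches newly dropped files; attackers also append shell code to existing, legitimate pages, so pair the check with file-hash comparison against a clean install of the same build. Sysmon event 10 on LSASS is noisy (backup agents, EDR, and some Microsoft components open it routinely), so the allowlist has to be curated per environment rather than guessed.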

Attribution

The available attribution evidence points to a link with the Operation Soft Cell activity, but the identity of the operator remains uncertain.

  • APT41 is a plausible candidate because of code similarities and the use of a shared code-signing certificate.
  • Based on overlaps in targeting and TTPs, together with knowledge of the victim environments, there is moderate confidence that Gallium may be involved.

“Regardless of clustering specifics, this finding highlights the increased operational tempo of Chinese cyberespionage actors and their consistent investment in advancing their malware arsenal to evade detection,” SentinelLabs wrote.

Concluding thoughts

Chinese cyberespionage actors have shown a sustained strategic interest in the Middle East, as evidenced by persistent targeting of government, finance, entertainment and telecommunication organizations in the region. The telecommunication intrusions covered here are among the most recent examples.

SentinelLabs’ assessment of mim221, the credential-theft tool used in these attacks, points to the ongoing refinement of the Chinese cyberespionage malware toolkit. These actors will likely keep improving their evasion methods, including by integrating and modifying publicly available code such as Mimikatz.

Author: PureVPN

Date: March 30, 2023

