China-Linked Hackers Launch Sophisticated Attacks on South American Telecoms

A China-linked advanced persistent threat (APT) actor, tracked by Cisco Talos as UAT-9244, has been targeting critical telecommunications infrastructure in South America since 2024. Talos ties the cluster closely to the group known as FamousSparrow, an overlap that suggests the activity is part of a broader set of operations rather than an isolated campaign.

The attacks target Windows and Linux hosts as well as edge devices, using three implants: TernDoor, PeerTime, and BruteEntry. The implants give the attackers persistent access to compromised systems, which can then be used for data theft, disruption of services, or as a foothold from which to reach further into the network or into other networks.

Technical Details of the Implants

  • TernDoor: A Linux-based implant that provides a backdoor into compromised systems, giving the attackers a command and control (C2) channel and a position from which to move laterally within the network.
  • PeerTime: A Windows-based implant that uses peer-to-peer (P2P) communications for C2. Because there is no single C2 endpoint for defenders to identify and block, the implant is harder to detect and harder to cut off, which helps it maintain persistence in the compromised network.
  • BruteEntry: A brute-force tool used for initial access, showing that alongside its custom implants the group relies on conventional credential guessing against login services, not only on software exploits, to get in.
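As an added illustration (not code from the Talos report, which names BruteEntry as a brute-force tool but publishes no log format here), the following detector flags the trace such a tool leaves in Linux sshd auth logs: a burst of failed logins from one source, followed by a success. The log lines are constructed for the example, and the failure threshold and time window are assumptions a defender would tune to their environment.

```python
"""Flag brute-force login bursts in sshd auth.log lines.

Added example; not code from the Talos report or from BruteEntry itself.
Assumptions: standard OpenSSH auth.log wording, a threshold of 5 failures
within 60 seconds, and constructed sample log lines (not real telemetry).
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: one source guessing several accounts and then
# succeeding, and one benign user with a single typo followed by a key login.
SAMPLE_LOG = """\
Mar  3 10:00:01 edge1 sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:02 edge1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:00:03 edge1 sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 51024 ssh2
Mar  3 10:00:04 edge1 sshd[1207]: Failed password for admin from 203.0.113.7 port 51025 ssh2
Mar  3 10:00:05 edge1 sshd[1209]: Failed password for admin from 203.0.113.7 port 51026 ssh2
Mar  3 10:00:06 edge1 sshd[1211]: Accepted password for admin from 203.0.113.7 port 51027 ssh2
Mar  3 10:05:00 edge1 sshd[1300]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar  3 10:07:00 edge1 sshd[1302]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2025):
    """Parse one auth.log line into a dict, or return None for lines we ignore.
    syslog timestamps carry no year, so the caller supplies one (assumed 2025)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "src": m["src"]}


def find_bruteforce(lines, threshold=5, window_s=60):
    """Return {source_ip: finding} for every source with at least `threshold`
    failed logins inside any `window_s`-second span. A success from the same
    source after the burst is recorded separately: that is the signal that
    the guessing worked and an account is now in attacker hands."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if not e["ok"]]
        # Sliding window over the failures: find the first burst that meets the threshold.
        burst_end = None
        for i in range(len(fails)):
            j = i
            while j + 1 < len(fails) and (fails[j + 1]["ts"] - fails[i]["ts"]).total_seconds() <= window_s:
                j += 1
            if j - i + 1 >= threshold:
                burst_end = fails[j]["ts"]
                break
        if burst_end is None:
            continue
        success_after = [e for e in evs if e["ok"] and e["ts"] >= burst_end]
        findings[src] = {
            "failures": len(fails),
            "users": sorted({e["user"] for e in fails}),
            "success_after_burst": success_after[0]["user"] if success_after else None,
        }
    return findings


if __name__ == "__main__":
    for src, f in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        verdict = "COMPROMISED account " + f["success_after_burst"] if f["success_after_burst"] else "blocked"
        print(f"{src}: {f['failures']} failures against {f['users']} -> {verdict}")
```

The threshold is deliberately per source rather than per account, so that a tool that spreads a few guesses across many usernames (password spraying) is still caught, and the "success after burst" field is what should page someone: a burst alone is background noise on any Internet-facing telecom edge device, a burst followed by an accepted login is an intrusion.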

The targeting of telecommunications infrastructure in South America by this China-linked APT group highlights the increasing threat to critical infrastructure globally. Such attacks can have significant implications for national security, public safety, and the economy, underscoring the need for robust cybersecurity measures and international cooperation to combat these threats.


Organizations, particularly telecommunications operators, are advised to strengthen their security posture with robust security controls, regular vulnerability assessments, and personnel trained to recognize and respond to sophisticated threats. Given the tooling described here, that means in particular: strong authentication with lockout or rate limiting on every remotely reachable login to blunt brute-force entry, edge devices kept patched and monitored, and review of outbound traffic from servers for unexpected peer-to-peer connections that could indicate a P2P implant.