Presentation information

TIPS#4 Operation Diànxùn: a cyberespionage campaign targeting telecommunication companies

Thibault Seret (McAfee) & Thomas Roccia (McAfee)
The telecommunications sector has become a strategic and political stake for several countries. 5G deployment is an absolute priority because it will help to assert the economic power of the protagonists. It will also strengthen the control of global communications passing through 5G networks. For this reason, there are many actors taking part in the game to win the battle of 5G by carrying out espionage campaigns to spy on and steal trade secrets.

In this presentation, we will describe a cyberespionage campaign against telecom companies that we have attributed to the threat actor Mustang Panda / Red Delta. We will discuss the TTPs used by the threat actor by examining the different steps of the attack and present the operating method. Because cyberespionage campaigns are hard to debunk, we will also discuss the difficulty of attributing a campaign to a Chinese group and present our point of view and how we are trying to improve it by creating a watchlist and operations overview to help the community in this field. Through this presentation, we will provide an overview of Operation Diànxùn as well as our hunting methodology and discuss the puzzle of attribution.
Thibault Seret
McAfee Thibault Seret is a security researcher on the McAfee Advanced Threat Research team (McAfee ATR). He is currently focusing on ransomware analysis and research, reverse engineering and threat intelligence, and trying to fight against bad guys. Before joining ATR, he worked as a cybercrime analyst in a banking institution with the mission to improve the digital forensics department, and as a CERT analyst at an IT services company where he tried to save the world with his teammate. He participates a lot in the security community and CTF competitions and is a teacher for the new generation of cyber defenders. For the Alliance!
Thomas Roccia
McAfee Thomas Roccia is a security researcher in the Advanced Threat Research Team within McAfee. He works on threat intelligence research, tracking cybercrime campaigns, and collaborates with law enforcement agencies. In his previous role, Thomas worked in the McAfee Foundstone Team where he performed incident response, malware hunting and penetration testing around the world. He has helped several customers during major outbreaks and managed highly critical situations.
arrow left Back

TIPS#4 Operation Diànxùn: a cyberespionage campaign targeting telecommunication companies

Thibault Seret (McAfee) & Thomas Roccia (McAfee)
The telecommunications sector has become a strategic and political stake for several countries. 5G deployment is an absolute priority because it will help to assert the economic power of the protagonists. It will also strengthen the control of global communications passing through 5G networks. For this reason, there are many actors taking part in the game to win the battle of 5G by carrying out espionage campaigns to spy on and steal trade secrets.

In this presentation, we will describe a cyberespionage campaign against telecom companies that we have attributed to the threat actor Mustang Panda / Red Delta. We will discuss the TTPs used by the threat actor by examining the different steps of the attack and present the operating method. Because cyberespionage campaigns are hard to debunk, we will also discuss the difficulty of attributing a campaign to a Chinese group and present our point of view and how we are trying to improve it by creating a watchlist and operations overview to help the community in this field. Through this presentation, we will provide an overview of Operation Diànxùn as well as our hunting methodology and discuss the puzzle of attribution.
Thibault Seret
McAfee Thibault Seret is a security researcher on the McAfee Advanced Threat Research team (McAfee ATR). He is currently focusing on ransomware analysis and research, reverse engineering and threat intelligence, and trying to fight against bad guys. Before joining ATR, he worked as a cybercrime analyst in a banking institution with the mission to improve the digital forensics department, and as a CERT analyst at an IT services company where he tried to save the world with his teammate. He participates a lot in the security community and CTF competitions and is a teacher for the new generation of cyber defenders. For the Alliance!
Thomas Roccia
McAfee Thomas Roccia is a security researcher in the Advanced Threat Research Team within McAfee. He works on threat intelligence research, tracking cybercrime campaigns, and collaborates with law enforcement agencies. In his previous role, Thomas worked in the McAfee Foundstone Team where he performed incident response, malware hunting and penetration testing around the world. He has helped several customers during major outbreaks and managed highly critical situations.