A rare piece of malware has been observed targeting telecommunications providers across three continents.
Cybersecurity researchers from SentinelOne recently discovered a new malware, dubbed LuaDream, on infrastructure belonging to telcos in the Middle East, Western Europe, and the South Asian subcontinent.
What makes this malware unique is that it leverages a just-in-time (JIT) compiler for the Lua programming language, dubbed LuaJIT. Lua is not exactly a popular choice among hackers, with malware written in this language only observed three times in the past 10 years, The Hacker News reports. That includes Flame, Animal Farm (AKA SNOWGLOBE), and Project Sauron.
Advanced threat actors
LuaDream is a modular, multi-protocol backdoor containing 13 core and 21 support components, the researchers further explained. Its main goal is to steal system and user information and run additional plugins - including command execution.
Considering the victim organizations, the endpoints on which the malware had been found, the rare choice of programming language, and the type of data LuaDream looks to exfiltrate, the researchers estimate that the activity is a “well-executed, maintained, and actively developed project of a considerable scale.” The attackers, who are unknown at this time, have gone to considerable lengths to stay out of sight, it was said.
The malware was detected in August 2023, but the source code references a June 2022 date, leading the researchers to believe the malware was being prepared for more than a year.
When it comes to the identity of the attackers, while inconclusive, some evidence points to Chinese actors. A separate SentinelOne report discusses “strategic” Chinese intrusions in Africa, some of which were against telecommunications providers. These were part of activity clusters named Backdoor Diplomacy, Earth Estries, and Operation Tainted Love. The latter - Operation Tainted Love - allegedly shares the same threat actor with the LuaDream activity.
"Targeted intrusions by the BackdoorDiplomacy APT and the threat group orchestrating Operation Tainted Love indicate a level of intent directed at supporting [China in its efforts to] shape policies and narratives aligned with its geostrategic ambitions, establishing itself as a pivotal and defining force in Africa's digital evolution," security researcher Tom Hegel said.