A multi-year espionage campaign targeting Asian telecom companies has now been attributed to Chinese state hackers. The campaign has been active since at least 2021 and has targeted telecom operators, universities, and a company providing services to telcos. The attackers used custom backdoors including Coolclient, Quickheal, and Rainyday, all previously associated with Chinese threat actors. The attacks may have been coordinated by multiple actors, orchestrated by a single attacker, or conducted independently by various actors. The attackers' ultimate motive is currently unclear: they may have been gathering intelligence on the telecom sector, eavesdropping, or attempting to disrupt critical infrastructure.