A China-linked threat actor has been targeting telecoms providers in Africa since November 2022, using the MgBot malware framework and other tools such as PlugX, AnyDesk, and KsRemote.
The threat actor has been conducting espionage activities since 2014, using spear-phishing and living-off-the-land tools to deliver payloads.
The main goal of the campaign is to gather information, which is enabled by the capabilities of MgBot plugins.
Three additional victims have been identified in Asia and Africa, and the threat actor is suspected to be related to the same group that conducted the Tainted Love campaign in Q1 2023.
Telecoms companies are prime targets for intelligence gathering campaigns due to the access they provide to end-users’ communications.