According to Cybereason, Emissary Panda (APT27), Naikon, and Soft Cell are the groups that carried out various hacking activities against the same telecom carriers in Southeast Asia at the same time.
The threat actors gained access to target networks by exploiting previously published vulnerabilities in Microsoft Exchange Server. The same bugs in unpatched Exchange servers were used in the recent cyberattacks conducted by the Hafnium cybercriminal gang.
Once inside the compromised networks, the hackers gained access to sensitive information held on key network resources such as Domain Controllers (DC) and on high-level corporate resources such as the telecom carriers' billing servers, which contain call detail record (CDR) data.
The Cybereason Nocturnus team noted an interesting overlap between the three clusters. The attacks occurred in some cases in the same target environment, in the same period, and even on the same endpoints. Currently, there is insufficient information to determine whether they are distinct threat actors or just different teams working for a single threat actor.