Operation DRAGONCLONE: Chinese Telecommunication industry targeted via VELETRIX & VShell malware

Introduction

Seqrite Labs APT-Team has recently found a campaign targeting the Chinese telecom industry. The campaign targets China Mobile Tietong Co., Ltd., a well-known subsidiary of China Mobile, one of the major telecom companies in China. The entire malware ecosystem involved in this campaign is based on VELETRIX malware and VShell, a very well-known adversary simulation tool that is widely adopted by threat actors from China to target various Western entities.

In this blog, we will explore the technical sophistication of the campaign encountered during our analysis. We will examine various stages of this campaign, starting from a deep dive into the initial infection stage to the implants used, concluding with an overview of the campaign.

To read the complete article, see: Operation DRAGONCLONE: Chinese Telecommunication industry targeted via VELETRIX & VShell malware

This post is licensed under CC BY 4.0 by the author.