Suspected Chinese State-linked Threat Actors Infiltrated Major Afghan Telecom Provider Roshan

Four distinct infiltrations by suspected Chinese state-sponsored threat actors stole gigabytes of data from the corporate mail server of major Afghan telecom provider Roshan within the past year, with data exfiltration by some spiking during the Taliban’s recapture of the country, according to new research from Recorded Future’s Insikt Group.


The attacks highlight China’s intelligence interest in the region as the Afghan people face radical changes to their physical and digital lives after U.S. troops withdrew following a two-decade occupation and the Taliban regained control of the country.


Roshan is a mobile phone provider that operates throughout Afghanistan, “covering all 34 provinces with over 6.5 million active subscribers,” according to its website. 


“It’s among the biggest suppliers of Internet access to the people of Afghanistan” and a major source of online traffic in and out of the country, Doug Madory, Director of Internet Analysis at Kentik and a longtime observer of global traffic trends, told The Record. 


“Telcos are the gateways through which all information flows into the country,” explained Raman Jit Singh Chima, the Asia Policy Director at digital human rights group Access Now. Roshan in particular, he added, has been an important lifeline in the country in recent weeks because it’s among the most stable local telecom providers.


The researchers identified the apparent infiltrations of Roshan’s internal mail server through an analysis of adversary infrastructure and global network traffic, including observation of communication from the infected system to command and control servers.


Recorded Future notified Roshan of the compromises before Insikt Group’s public disclosure of the at ..
