Operation Tainted Love

Description

(SentinelLabs) In Q1 of 2023, SentinelLabs observed initial phases of attacks against telecommunication providers in the Middle East.

We assess that this activity represents an evolution of tooling associated with Operation Soft Cell.

While it is highly likely that the threat actor is a Chinese cyberespionage group in the nexus of Gallium and APT41, the exact grouping remains unclear.

SentinelLabs observed the use of a well-maintained, versioned credential theft capability and a new dropper mechanism, indicative of an ongoing development effort by a highly motivated threat actor with specific tasking requirements.

Names

Name                    | Name-Giver
Operation Tainted Love  | SentinelLabs

Country

Motivation

  • Information theft and espionage

First Seen

2023

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

b448d346-fdb1-48b3-bb8c-7600652af3a0

Last Card Change

2024-12-27