Rare malware used to target telcos across three continents

A rare piece of malware has been spotted targeting telecommunications providers on three continents.

Cybersecurity researchers at SentinelOne recently discovered a new malware called LuaDream on telecom infrastructure in the Middle East, Western Europe and the South Asian subcontinent.

What makes this malware unique is that it is built on LuaJIT, a just-in-time (JIT) compiler for the Lua programming language. Lua isn’t exactly a popular choice among hackers: according to The Hacker News, malware written in this language has only been spotted three times in the past decade, in Flame, Animal Farm (AKA SNOWGLOBE) and Project Sauron.
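As an added example (not code from the SentinelOne report or this article), the following Python triage helper flags files that carry an embedded LuaJIT or Lua runtime by looking for compiled-bytecode headers and runtime strings. The sample blob is constructed, and the heuristic is generic to LuaJIT rather than a LuaDream signature, so hits still need review against legitimate software that embeds Lua.

```python
import re
from typing import Dict, List

# Magic headers of compiled Lua bytecode. LuaJIT 2.x writes ESC 'L' 'J' followed by a
# one-byte format version (0x01 for 2.0, 0x02 for 2.1). The reference Lua interpreter
# writes ESC 'L' 'u' 'a' followed by a version byte (0x50..0x54 for Lua 5.0..5.4).
LUAJIT_MAGIC = re.compile(rb"\x1bLJ[\x01\x02]")
PUC_LUA_MAGIC = re.compile(rb"\x1bLua[\x50-\x54]")

# Printable strings a statically linked LuaJIT runtime tends to leave behind:
# the version banner, and the symbol prefix 'luajit -b' uses for embedded bytecode.
RUNTIME_STRINGS = (b"LuaJIT", b"luaJIT_BC_")


def scan_for_lua(data: bytes) -> Dict[str, List[int]]:
    """Return byte offsets of LuaJIT/Lua bytecode headers and runtime strings in a blob."""
    hits: Dict[str, List[int]] = {
        "luajit_bytecode": [m.start() for m in LUAJIT_MAGIC.finditer(data)],
        "lua_bytecode": [m.start() for m in PUC_LUA_MAGIC.finditer(data)],
        "runtime_strings": [],
    }
    for needle in RUNTIME_STRINGS:
        hits["runtime_strings"].extend(m.start() for m in re.finditer(re.escape(needle), data))
    hits["runtime_strings"].sort()
    return hits


def has_embedded_lua(data: bytes) -> bool:
    """True when any bytecode header or runtime string is present (triage, not verdict)."""
    return any(offsets for offsets in scan_for_lua(data).values())


# Constructed sample: a fake DOS header, a LuaJIT 2.1 bytecode header, the LuaJIT
# version banner, and a Lua 5.3 bytecode header. Offsets are fixed by the layout below.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16      # 20 bytes of fake header
    + b"\x1bLJ\x02\x00"                # offset 20: LuaJIT 2.1 bytecode header
    + b"\x00" * 11                     # offsets 25..35: filler
    + b"LuaJIT 2.1.0-beta3\x00"        # offset 36: runtime banner (19 bytes)
    + b"\x1bLua\x53"                   # offset 55: Lua 5.3 bytecode header
)

if __name__ == "__main__":
    print(scan_for_lua(SAMPLE_BLOB), has_embedded_lua(SAMPLE_BLOB))
```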

Advanced Threat Actors

LuaDream is a modular, multi-protocol backdoor, which contains 13 core and 21 supporting components, the researchers further explained. Its main purpose is to steal system and user information and run additional plugins, including command execution.

Considering the victim organizations, the endpoints on which the malware was found, the rare choice of programming language, and the type of data LuaDream appears to be exfiltrating, the researchers speculate that the work is a “well-executed, maintained, and actively developed” project of considerable size. The attackers, whose identity was unknown at the time, reportedly made considerable efforts to stay out of sight.

The malware was detected in August 2023, but the source code points to a date of June 2022, leading researchers to believe the malware had been in the works for more than a year.

When it comes to the identity of the attackers, while the evidence is inconclusive, it does point to Chinese actors. A separate SentinelOne report discusses “strategic” Chinese intrusions in Africa, some of which targeted telecommunications providers. These were part of activity clusters called Backdoor Diplomacy, Earth Estries and Operation Tainted Love. The latest – Operation Tainted Love – reportedly shares the same threat actor with the LuaDream activity.

“Targeted intrusions by the BackdoorDiplomacy APT and the threat group orchestrating Operation Tainted Love indicate a level of intent aimed at supporting (China in its efforts to) shape policies and narratives aligned with its geostrategic ambitions, and to establish itself as a crucial and defining force in Africa’s digital evolution,” says security researcher Tom Hegel.
