Data related to Operation Diànxùn shows that victims were lured to a website purporting to be a career page for Huawei, widely regarded as the leader in the 5G space. Several governments, including the US, have barred the use of Huawei's 5G technology out of fears that it might contain backdoors that enable widespread spying. There's nothing to indicate that Huawei is in any way connected to the current threat campaign, however, McAfee says.
According to the security vendor, it's unclear how the attackers initially lured victims to the phishing site. But once victims got there, they were greeted with a webpage that looked very similar to Huawei's career site. The attackers used the fake website to download malware that masqueraded as a Flash application. The site from which the Flash application was downloaded also was carefully designed to appear like the official webpage in China for the Flash download site. The malware, among other things, downloaded the Cobalt Strike attack k