Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
Summary:
The telecommunications sector, per CrowdStrike, has witnessed a 130% increase in nation-state activity over the past year, primarily because telecom networks are a treasure trove of intelligence. The latest threat actor to train its sights on this industry vertical is a Chinese threat actor dubbed Glacial Panda. The geographic footprint of the hacking group spans Afghanistan, Hong Kong, India, Japan, Kenya, Malaysia, Mexico, Panama, the Philippines, Taiwan, Thailand, and the United States.
Their main objectives include stealing sensitive intellectual property, intercepting communications data, and maintaining long-term access to critical infrastructure. By focusing on these industries, the groups are positioning themselves to gain intelligence not only on the direct victims but also on the many organizations that depend on those services.
Beyond exploiting internet-facing appliances for initial access, the group is also believed to have compromised small office and home office (SOHO) devices located in the targeted country, using them as exit nodes to hinder detection efforts. Infection pathways also include exploitation of known security flaws in Citrix NetScaler ADC and NetScaler Gateway (CVE-2023-3519) and Commvault (CVE-2025-3928). The initial access is leveraged to deploy web shells like neo-reGeorg to establish persistence and ultimately drop a custom malware called CloudedHope.
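The web-shell stage described above is one point where a defender can look for the tunnelling traffic such tools generate. What follows is an added illustrative example, not code from the original report or from CrowdStrike, that applies a simple heuristic to web server access logs: a single client issuing many small POST requests to one server-side script within a short window. The log lines are constructed, and the thresholds (20 requests in 60 seconds, 70% POSTs, response bodies under 256 bytes) are assumptions to tune per environment.

```python
"""
Heuristic detection of HTTP-tunnelling web-shell traffic (reGeorg/neo-reGeorg style)
in web server access logs. Added illustrative example; log lines are constructed
and thresholds are assumptions, not values from the original report.
"""
import re
from collections import defaultdict
from datetime import datetime

# Combined log format, e.g.:
# 203.0.113.5 - - [20/Aug/2025:10:00:01 +0000] "POST /images/tunnel.aspx HTTP/1.1" 200 12 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one combined-format access log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_tunnel_candidates(lines, window_seconds=60, min_requests=20,
                           max_body=256, post_ratio=0.7):
    """Return (client_ip, path) pairs whose traffic looks like an HTTP tunnel:
    many requests to one script from one client in a short window, mostly POSTs
    with small responses. Thresholds are assumed defaults for illustration."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            groups[(rec["ip"], rec["path"])].append(rec)

    hits = []
    for key, recs in groups.items():
        recs.sort(key=lambda r: r["ts"])
        span = (recs[-1]["ts"] - recs[0]["ts"]).total_seconds()
        posts = sum(1 for r in recs if r["method"] == "POST")
        small = sum(1 for r in recs if r["size"] <= max_body)
        if (len(recs) >= min_requests            # enough volume to matter
                and span <= window_seconds       # ... in a short burst
                and posts / len(recs) >= post_ratio
                and small / len(recs) >= post_ratio):
            hits.append(key)
    return hits


def sample_log():
    """Constructed sample: 30 rapid small POSTs from one client to one script
    (tunnel-like), mixed with ordinary page views from other clients."""
    lines = []
    for i in range(30):
        lines.append(
            f'203.0.113.5 - - [20/Aug/2025:10:00:{i:02d} +0000] '
            f'"POST /images/tunnel.aspx HTTP/1.1" 200 {10 + i % 5} "-" "Mozilla/5.0"'
        )
    for i in range(5):
        lines.append(
            f'198.51.100.{i} - - [20/Aug/2025:10:0{i}:00 +0000] '
            f'"GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
        )
    return lines


if __name__ == "__main__":
    for ip, path in find_tunnel_candidates(sample_log()):
        print(f"possible HTTP tunnel: client {ip} -> {path}")
```

Legitimate APIs and polling endpoints can trip the same heuristic, so in practice the hit list is a hunting lead to be joined against an allow-list of known script paths and against the server's deployment inventory (a script that is not in the deployed code base is the stronger signal).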
Security Officer Comments:
These attacks illustrate how state-sponsored groups are shifting their strategy toward newer technology terrain. In contrast to previous attempts to hit individual firms or persons, striking cloud and telecom providers puts the attackers in a position to access vast amounts of information and services that enable international commerce, government functions, and individual communications. In essence, these types of operators are "gateways" to complete systems, and the scenario is far more serious than that of a single company's security having been breached.
Numerous groups carrying out the same kinds of actions point to a coordinated process, with different teams specializing in particular elements of the attack chain. That structure makes them stronger and harder to break up. For companies and individuals, the stakes are high. Even if a company is not specifically the target of these groups, it will be indirectly affected if one of its telcos or cloud providers becomes compromised. This shows how interlinked the threats are, and thus how such espionage campaigns can have an impact that reaches far wider than might initially seem.
Suggested Corrections:
- For telecom and cloud providers, threat-hunting programs, network segmentation, and regular red team engagements are part of detecting sophisticated adversaries.
- These organizations should also review their vendor risk management programs and have incident response plans in place for supply-chain-style attacks.
- Finally, it is still crucial for these organizations to join information sharing groups, such as ISACs, in order to remain one step ahead of rapidly changing campaigns and learn from others' errors.
Link(s):
https://thehackernews.com/2025/08/chinese-hackers-murky-genesis-and.html
https://go.crowdstrike.com/rs/281-OBQ-266/images/Threat-Hunt-Report-2025.pdf