A rare piece of malware has been targeting telecommunications providers across three continents.
SentinelOne’s cybersecurity researchers have detected a fresh piece of malware called LuaDream on telecom infrastructure in the Middle East, Western Europe, and South Asia.
This malware is distinctive because it makes use of LuaJIT, the just-in-time (JIT) compiler for the Lua programming language. The Hacker News, a news website, notes that Lua is not exactly a popular choice among hackers: malware written in this language has been discovered only three times in the previous ten years, namely Project Sauron, Animal Farm (also known as SNOWGLOBE), and Flame.
The researchers added that LuaDream is a modular, multi-protocol backdoor with 13 core and 21 support components. Its primary objectives are to steal user and system data and to launch new plugins, including command execution.
The researchers hypothesize that the work is a “well-executed, maintained, and actively developed project of a considerable scale” in light of the victim organizations, the endpoints on which the malware had been discovered, the unusual choice of programming language, and the type of data LuaDream looks to exfiltrate. The attackers, who were unknown at the time, reportedly went to great lengths to remain undetected.
The source code specifies a date in June 2022, but the malware was discovered in August 2023, giving the researchers the impression that it had been under development for more than a year.
Some evidence regarding the attackers’ identities, although inconclusive, pointed to Chinese actors. The “strategic” Chinese intrusions into Africa, some of which targeted telecom companies, are covered in a different SentinelOne study. These were a component of the BackdoorDiplomacy, Earth Estries, and Operation Tainted Love activity clusters. The last of these, Operation Tainted Love, is said to be the work of the same threat actor behind the LuaDream activity.
“Targeted intrusions by the BackdoorDiplomacy APT and the threat group orchestrating Operation Tainted Love indicate a level of intention directed at supporting [China in its efforts to] shape policies and narratives aligned with its geostrategic ambitions, establishing itself as a pivotal and defining force in Africa’s digital evolution,” security researcher Tom Hegel said, TechRadar reported.