China-Nexus UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes: Exposing Supply Chain Risks to Web3

News

Attacks against the foundational infrastructure supporting the Web3 ecosystem are emerging as a critical threat. The China-nexus advanced threat actor UAT-7290 has been confirmed to be conducting espionage-focused intrusions against telecommunications entities in South Asia and Southeastern Europe. Active since at least 2022, UAT-7290 is characterized by the meticulous and extensive technical reconnaissance it conducts before launching an attack. The ultimate goal is the deployment of Linux malware families, such as RushDrop, to establish persistent access within the targeted infrastructure. A key aspect of this campaign is the reported involvement of "ORB Nodes" (operational relay boxes: compromised or rented devices used to route attacker traffic and obscure its origin).

Telecommunications infrastructure serves as the lifeline for many Web3 services, including node operations, oracle services, and DEX connectivity. By compromising this infrastructure, threat actors gain the potential to disrupt the entire supply chain. The specific use of Linux-based malware highlights the direct risk to the Linux server environments widely used to operate DeFi protocols and blockchain nodes. Infrastructure-level breaches can severely impact the availability, data integrity, and asset protection mechanisms of Web3 platforms.

Web3 projects must urgently re-evaluate the security posture of their underlying infrastructure, especially at the communication layer, and bolster defenses against potential supply chain attacks originating from sophisticated threat actors like UAT-7290.


Source: China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
