Operation Soft Cell
The campaign has been active since at least 2012 and targets telecommunications providers in multiple countries. The attackers behind the operation use a range of tools including modified versions of China Chopper, Nbtscan, Mimikatz, and hTran. Also used in the attacks are the PoisonIvy RAT, WMI, PsExec, and Winrar. The goal of the operation is to steal sensitive information including credentials, PII, billing data, and call records as well as other information.