Telecommunication service providers in Central Asia

Primary URL: Undetermined
Location: Canada
Industry: Telecommunications
Profile

They are identified as telecommunication service providers operating in Central Asia.
Their primary market consists of customers within the Central Asian region.
The organisation’s headquarters is located in Canada.

In May 2022, the Chinese cyber‑espionage group Moshen Dragon conducted a campaign against these providers.
The attackers began the intrusion by sideloading malicious DLLs through legitimate antivirus products.
This technique allowed them to execute code with high privileges on compromised systems.
After gaining initial access, they used the Impacket framework for lateral movement and credential theft.

The attackers deployed passive loaders that first verified the suitability of a target machine before activating further malware.
Once verified, the loaders launched custom backdoors such as PlugX and ShadowPad.
Throughout the operation, the actors exfiltrated large volumes of data from the telecommunication networks.
To avoid detection, they adapted their tactics and leveraged tools like WinDivert for traffic interception and payload decryption.

The incident shows that critical communications infrastructure in the region was targeted by a sophisticated cyber‑espionage group.
No explicit details about the organisation’s ownership, parent company, or subsidiary structure are provided in the source material.
Consequently, the profile is limited to the confirmed facts regarding their sector, geographic focus, headquarters location, and the documented cyber‑espionage activity.

Incidents
1 incident