Telecom firms hacked to spy on targets

Telecoms Hackers


"It is a government that has capabilities that can do this kind of attack," Cybereason chief executive Lior Div told Reuters.

The report did not name the targeted telecommunication companies although it said hackers had hit about one-third of global telecommunications giants, with about 8 billion customers.

Reports by the research team at Cybereason suggest that the attacks have been operational for many years and have targeted around 10 unnamed cell networks across Europe, Asia, Africa, and the Middle East.

Cybereason continues to monitor the threat actor, thought to have been active since 2017, and recommends telcos take the necessary precautions in the digital security of their infrastructure.

The attackers' goal appears to have been to gain access to a small group of subscribers' call detail records, Cybereason says. The hackers also focused on stealing metadata, which would allow them to figure out the source, destination, and duration of a person's phone call, but not listen in on the actual content.

Cybereason spotted the attacks in 2018 and helped one telecoms provider through four more over the next six months.

This access was used to reach a call detail record (CDR) database and steal data related to 20 specific individuals.

Hackers believed to be linked to China have quietly breached the networks of more than 10 mobile operators. These CDRs provide a fairly detailed account of an individual's activities since they offer a lot of geographical information. The report doesn't implicate Huawei in any way but makes it clear that a nation-state is responsible for the cyber heist, with China being the likeliest candidate.


Here's an example of the type of data that would have been available to attackers. The company can't do business with U.S. companies, and it can't provide telecom equipment in the US.

Expose as few systems or ports to the internet as possible.

Cybereason said multiple tools used by the attackers had previously been used by a Chinese hacking group known as APT10. "While we cannot completely rule out a 'copy-cat' scenario, where another threat actor might masquerade as APT10 to thwart attribution efforts, we find this option to be less likely in light of our analysis of the data."

The United States indicted two alleged members of APT10 in December and joined other Western countries in denouncing the group's attacks on global technology service providers to steal intellectual property from their clients.

The tactics, techniques, and procedures (TTPs) used by the threat actor also included execution of a modified China Chopper webshell.

"For this level of sophistication it's not a criminal group."

While Cybereason first detected the cyber-espionage campaign only a year ago, the company says that the attacks have been happening for seven years.

Some hundreds of millions of telecommunications customers and thousands of the providers' employees have been affected by the attack campaign.
