
A security firm is claiming Chinese state-sponsored hackers have been infiltrating cellular networks for years to steal call log and location data from high-value individuals across the world.

According to Boston-based Cybereason, the hackers targeted close to a dozen global telecommunication providers in an attempt to spy on people involved in politics, government work, and military affairs.

“The damage to the targeted individuals can go all the way to fully tracking of locations, meetings, and texts,” the IT security firm said. “Hundreds of gigabytes of call data records were stolen each time the hackers exfiltrated data.”

So far, Cybereason has uncovered no evidence that any North America-based carriers were hit. The hackers also focused on stealing metadata, which would allow them to figure out the source, destination, and duration of a person’s phone call, but not listen in on the actual content.

[Image: Cybereason CBR Example]

“A very specific and targeted list of less than 30 people were targeted but that was with only one of the cellular providers,” the company told PCMag. “We assume there are many others that have been hacked that have services with other telcos.”

The attacks have been ongoing since at least 2017. And according to Cybereason, China is likely involved. The IT security firm claims the culprits used tools and techniques that match the tactics used by three Chinese hacking groups, including one known as APT10. Last year, the US charged two Chinese nationals for being members of APT10, which has been accused of stealing data from several US government agencies including NASA and the Department of Energy.

Cybereason briefed more than two dozen global carriers about the hacking operation this past The Wall Street Journal reports.

Cybereason is declining to provide specific details about the attacks, including which telecommunication providers were hit and samples of the malware. The FBI hasn’t commented on the hacking operation. So far, no telecommunication provider has mentioned any breach tied to the attacks.

For now, Cybereason has only said the hackers struck by targeting vulnerable web servers the telecommunication providers had on the open internet. Once compromised, the hackers sought out login credentials that could allow them to break into the telecommunication providers’ private corporate networks.

“The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more,” Cybereason said in its report about the attack.

Although Cybereason is blaming the spying campaign on a Chinese hacking group, the security firm notes that some of the hacking tools involved in the operation have been disclosed, dumped, and open sourced on the internet. “While we cannot completely rule out a ‘copy-cat’ scenario, where another threat actor might masquerade as APT10 to thwart attribution efforts, we find this option to be less likely in light of our analysis of the data,” the company said.
