Hackers have stolen call records from more than ten global Telecom providers as part of a massive-scale espionage attempt against at least 20 individuals, according to Israeli-US intelligence firm Cybereason.
An ongoing multi-year cyber attack campaign tied to China dubbed Operation Softcell has targeted 20 military and law enforcement officials in Asia, Europe, Africa, and the Middle East since 2012, according to the firm.
“This attack has widespread implications, not just for individuals, but also for organizations and countries alike. The use of specific tools and the choice to hide ongoing operations for years points to a nation-state threat actor, most likely China,” the firm stated.
Cybereason declined to name the individuals or the telecom firms targeted, citing privacy concerns but the sophistication of the attack was indicative of the government capabilities, according to Lior Div, Chief Executive Officer of Cybereason.
“For this level of sophistication, it’s not a criminal group. It is a government that has capabilities to do this kind of attack,” Div told Reuters.
The firm says it discovered the hacks after detecting unusual network traffic between computer and call-data record databases with activity dating as far back as 2012.
The suspected Chinese hackers used spear phishing and other tactics to infiltrate telecom companies, stealing log-in credentials and identifying accounts with access to servers containing the call records.
The hackers infiltrated smartphones by creating admin accounts and using VPNs, appearing as telecom employees and accessed phone records with users’ locations, logs of call, and text history.
According to Cybereason, the servers, domains and internet-protocol addresses came from China, Hong Kong, or Taiwan and gave hackers access to the carriers’ entire active directory, exposing hundreds of millions of users.
While Cybereason says it cant’ be wholly ruled out that a non-Chinese actor mirrored the attacks, it appears the cyber attacks may be linked to a notorious Chinese hacking group.
Chinese Hacking Group APT 10
The hackers’ digital activity and methods mimic those of Advanced Persistent Threat 10 (APT 10), a Chinese hacking group of which the U.S. Department of Justice indicted two members in December.
Members of the group have been indicted for accessing gigabytes of sensitive data from firms involved in the fields of aviation, space and satellite, manufacturing, pharmaceuticals, oil and gas exploration, communications, computer processor and maritime, according to the indictment.
Top targets of APT 10’s previous hacking campaign included NASA Goddard Space Centre and Jet Propulsion Laboratory and the U.S. Department of Energy’s Lawrence Berkeley National Laboratory.
Operation Softcell Reveals Vulnerability of 4G/ LTE Networks
The purpose of these attacks was to gather intelligence, rather than more traditional cybercrime motives such as gaining access to monetizable assets such as bank accounts or credit-card data, according to experts.
The fact that hackers efficiently targeted U.S. and global telecoms using existing 4G LTE networks reveal significant vulnerabilities which could come into play as the U.S. rolls out 5G networks nationwide.
“Beyond targeting individual users, this attack is also alarming because of the threat posed by the control of a telecommunications provider. Telecommunications has become a critical infrastructure for the majority of world powers. A threat actor with total access to a telecommunications provider, as is the case here, can attack however they want passively and also actively work to sabotage the network,” the firm said in a statement.