Security researchers have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on at least 20 individuals.
The hackers have broken into the systems of more than ten global telecoms companies and taken large amounts of personal and corporate data, according to the US-Israeli cybersecurity firm Cybereason. The hackers behind the attack, dubbed “Operation Soft Cell,” are believed to be linked to China.
Cybereason researchers said they first detected the attacks about a year ago. Before and since then, the hackers broke into one cell provider after the other to gain continued and persistent access to the networks. Their goal, the researchers believe, is to obtain and download rolling records on the target from the cell provider’s database without having to deploy malware on each target’s device.
“Operation Soft Cell gave hackers access to the carriers’ entire active directory, an exposure of hundreds of millions of users... [with] the hackers creating high-privileged accounts that allowed them to roam through the telecoms’ systems, appearing as if they were legitimate employees,” The Wall Street Journal reported.
According to Cybereason, the advanced, persistent attack has been active since at least 2017. “The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more.”
“We’ve concluded with a high level of certainty that the threat actor is affiliated with China and is likely state-sponsored,” the researchers said. “The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10, a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS).”
Cybereason also pointed out that “even though the attacks targeted specific individuals, any entity that possesses the power to take over the networks of telecommunications providers can potentially leverage its unlawful access and control of the network to shut down or disrupt an entire cellular network as part of a larger cyber warfare operation.”
[Sources: Reuters, TechCrunch, Forbes, The Verge]