Suspected Chinese hackers attack global telecom carriers

Washington, Jun 25 (IANS): Suspected Chinese hackers have infiltrated into the networks of over a dozen telecommunication providers in Europe, Asia, Africa and the Middle East -- gaining control and stealing hundreds of gigabytes of data of individuals, a US-based cyber security firm has revealed.

Any entity that possesses the power to take over the networks of telecommunications providers can potentially leverage its unlawful access and control of the network to shut down or disrupt an entire cellular network as part of a larger cyber warfare operation, said Boston-based Cyberreason.

The team at Cybereason, as part of their Operation Soft Cell, has concluded "with a high level of certainty that the threat actor is affiliated with China and is likely state sponsored".

"The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10, a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS)," said the firm on Monday.

The hackers have obtained all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users and more.

"Last year, we identified a threat actor that has been operating in telecommunications provider environments for at least two years. We performed a post-incident review of the attacks and were able to identify changes in the attack patterns along with new activity every quarter," said Amit Serper, Cybereason's Head of security research.

"This type of targeted cyber espionage is usually the work of nation state threat actors," he added.

The attack began with a web shell running on a vulnerable, publicly-facing server, from which the attackers gathered information about the network and propagated across the network.

The threat actor attempted to compromise critical assets, such as database servers, billing servers, and the active directory. As malicious activity was detected and remediated against, the threat actor stopped the attack.

During the persistent attack, the attackers worked in waves - abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques.

In 2018, 30 per cent of the telecommunications providers reported sensitive customer information was stolen due to an attack.

In the past 13 years, mobile cellular phone subscribers have quadrupled in size and sit at eight billion subscribers today.

Due to their wide availability and the fundamental service they bring, telecommunications providers have become critical infrastructure for the majority of world powers.

"Much like telecommunication providers, many other critical infrastructure organizations provide a valuable targets for nation state threat actors, due to their high impact," said the researchers.

The threat actor managed to infiltrate into the deepest segments of the providers' network, including some isolated from the internet, as well as compromise critical assets.

"Our investigation showed that these attacks were targeted, and that the threat actor sought to steal communications data of specific individuals in various countries," said Cybereason.


Top Stories

Leave a Comment

Title : Suspected Chinese hackers attack global telecom carriers


You have 2000 characters left.


Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will be held responsible.

Security Validation

Enter the characters in the image