The World’s Cellular Network Carriers Under Mass Attack by China’s Hackers
Online threats continue to emerge around
the world, with hackers choosing bigger and bigger targets every time they
strike. According to the new information published by an Israeli-U.S.
cybersecurity firm, Cybereason, the so-called nation-state hackers have
seemingly compromised systems of ten — possibly more — cellular carriers around
Their goal, according to the report, was to steal metadata of specific
users. So far, experts were not able to deliver definitive proof, but it is
suspected that both the hackers, as well as the targeted individuals, are
linked to China. Furthermore, the report opted not to name affected carriers.
However, it did mention that the attack’s scale and sophistication carry the
marks of a nation-state action.
Researchers have named this series of attacks Operation Softcell. They believe that the targets are dissidents and military officers with links to China. They also suspect that the hackers are backed by the Chinese government. While the carriers were not named, the report admitted that they were located in numerous areas of the world, including Africa, Asia, the Middle East, and even Europe. So far, it is believed that none of the targeted cellular network carriers are US-based.
Another thing that the report points out is
that such attacks have been performed at least since 2017. Attackers were
targeting data that was kept in active directories. Along with the actual
targeted data, hackers were also able to compromise all other usernames and
passwords, as well as other data, such as billing information, credentials,
users’ location, call details, email servers, and the like.
After the attacks were detected, the attackers
would pull back, ceasing their actions. However, when it would seem that the
telecommunication companies stopped keeping such a close watch, they would
return and continue with the attack.
Naturally, the implications of the
infiltration are very serious. If successful, hackers
would be able to conduct deep intelligence harvesting and compromise millions
of users apart from their actual targets. Not only that, but this level of access could
also allow them to take control of the entire network, disrupt it, or even
crash it if they choose to do so.
Some reports claim that Cybereason’s Chief Executive, Lior Div, already gave a briefing regarding the attacks to over two dozen global carriers recently. The firms that were already compromised were furious and in disbelief when notified. Div also stated that such a mass espionage ability was never witnessed before.
As for the harvested data, it is believed that
it has real value to intelligence agencies, which are able to analyze
it and note specific patterns, particularly when it comes to metadata. There is
no confirmation that content of messages or calls has been retrieved yet, but
even if not, intelligence agencies would be able to analyze the data and
determine who talked to whom, when the calls took place, how long they lasted,
This poses a direct threat to the network users’ privacy, as well as their physical security, as the analysis could also reveal their locations. Whenever this type of data is collected by the intelligence agencies of the US or the UK, there is a considerable privacy backlash. Not only that, but this particular campaign apparently went far beyond what the government agencies were ever aiming to collect.
Cybereason attempted to identify the hackers,
and while the security firm currently lacks any definitive proof, it remains
convinced that the group behind the attack is China’s Advanced Persistent Threat
10 (APT10). In the past, this particular group was always known for persistent,
long-term campaigns where they would continuously harvest data.
The group is known for its patience, which is typically rewarded with successful hacking campaigns. This particular campaign is believed to have been running for about seven years. Another of the group’s targets is believed to be NASA itself, which also recently admitted to being hacked. As mentioned, there is no proof that the group is responsible yet. Cybereason stated that it is entirely possible that another, non-Chinese group is the culprit, and that they simply attempted to use the methods of APT10, so that this particular group would be blamed.
However, this is unlikely, as domains, servers, IP addresses, and more all come from China and surrounding countries. Other security firms, such as CrowdStrike and FireEye, which are experts when it comes to APT10, did not find enough proof to confirm Cybereason’s claims. They believe that Russian and Iranian state-sponsored hackers are equally capable of conducting this type of attack.
So far, it is believed that one of the reasons for the attack might be the current US campaign against Chinese telecoms equipment manufacturers. The US has banned Huawei recently, and there are rumors that exposing these kinds of vulnerabilities might be used by China to gather intelligence from foreign countries. All of this keeps Cybereason convinced that China is the culprit, acting through APT10.