Chinese hackers suspected of attacking global telecoms carriers

Posted:
in General Discussion
A Chinese government-backed group called APT 10 could be behind an unprecedented hack that granted high level access to at least ten global telecommunications carriers, permissions that were subsequently used to track specific spies, law enforcement, military personnel and dissidents linked to China.

A telecommunications tower. (Photo: Bidgee via Wiki Commons)
A telecommunications tower. (Photo: Bidgee via Wiki Commons)


Boston-based cybersecurity firm Cybereason Inc., claims to have identified an attack it calls Operation Soft Cell, which affected at least 10 carriers over the last few years, and is continuing now. As part of the ongoing intrusion, hackers reportedly attacked and infiltrated the networks of global phone carriers in order to track around 20 specific individuals of interest to China.

According to the Wall Street Journal, Cybereason's CEO Lior Div briefed over two dozen carriers about the issue this weekend.

"We never heard of this kind of mass-scale espionage ability to track any person across different countries," Div told the Journal. "All the indications are directed to China."

While Cybereason fell short of identifying the attackers, it said the bad actors left behind digital fingerprints pointing to APT 10, a group believed to be backed by the Chinese government. Last year, two alleged members of APT 10 were indicted by the U.S. Department of Justice for hacks targeting businesses and government agencies, the report said.

Cybereason's head of security research, Amit Serper, says the hackers did not listen in on calls, but instead harvested data about user location, movement and everyone they contacted. "They owned the entire network," he said.

Amongst other techniques, they reportedly gained access through spear phishing, the sending of emails purportedly from trust sources. They then stole log-in credentials, created admin accounts and through using VPNs, disguised their location to make it appear as if they were legitimate users within the telecoms firm.

How the hack was done. Left: an overview. Right: more technical detail
How the hack was done. Left: an overview. Right: more technical detail


Once able to enter the system, they accessed phone records which gave them call logs showing location, plus a complete list of who the target phoned or texted.

Cybereason would not reveal the carriers affected nor name the military, dissidents or other individuals whose details and movements had been tracked. The Wall Street Journal says that it has not been able to independently confirm the report and notes that China has always denied using cyberattacks.

However, senior manager of FireEye Intelligence, Ben Read, separately told the Journal that APT 10 has been less visibly active since the DOJ indictments but is likely to be continuing. "They're one of the most active China groups we track," he said.

Comments

  • Reply 1 of 13
    hentaiboyhentaiboy Posts: 974member
    Ironic seeing how the US is busy cyber-attacking Iran as we speak.
    avon b7Ciprol
  • Reply 2 of 13
    CiprolCiprol Posts: 24member
    Venezuela's power grid crash is heavily tainted by some American scent too.
  • Reply 3 of 13
    "If you don't buy from us, we will hack you!"
    magman1979olsanantksundaramwatto_cobra
  • Reply 4 of 13
    1348513485 Posts: 57member
    "It was the best of times. it was the worst of times, it was the age of wisdom, it was the age of foolishness..."


  • Reply 5 of 13
    People are so quick to forget what Snowden told us about the utterly pervasive US surveillance of EVERYONE!

    Only a fool would think China is behaving any differently to Western Governments but those stories don't make for great propaganda.
    dysamoriaavon b7mac_dogFileMakerFeller
  • Reply 6 of 13
    sacto joesacto joe Posts: 742member
    Wow! Apologists for hacking! “Everybody does it” is a lousy excuse. The only excuse for hacking is to stop the hacking.
    magman1979olscat52anantksundaramwatto_cobra
  • Reply 7 of 13
    dysamoriadysamoria Posts: 2,212member
    sacto joe said:
    Wow! Apologists for hacking! “Everybody does it” is a lousy excuse. The only excuse for hacking is to stop the hacking.
    That mischaracterizes the previous comments.
    FileMakerFeller
  • Reply 8 of 13
    mac_dogmac_dog Posts: 689member
    sacto joe said:
    Wow! Apologists for hacking! “Everybody does it” is a lousy excuse. The only excuse for hacking is to stop the hacking.
    Yeah. How about we clean up our own backyard first—meaning our nefarious government spying on its own citizens. 
    FileMakerFellermuthuk_vanalingam
  • Reply 9 of 13
    Paging @avon b7  and crew urgently! Paging @avon b7 and crew urgently!

    Your bosses need you...
    edited June 25 watto_cobra
  • Reply 10 of 13
    hentaiboy said:
    Ironic seeing how the US is busy cyber-attacking Iran as we speak.
    Oh yeah, it’s the same thing...

    Sheesh, we really do have some keepers here. 
    watto_cobra
  • Reply 11 of 13
    dysamoria said:
    sacto joe said:
    Wow! Apologists for hacking! “Everybody does it” is a lousy excuse. The only excuse for hacking is to stop the hacking.
    That mischaracterizes the previous comments.
    How so? 

    It felt exactly rightly characterized to me. 
    watto_cobra
  • Reply 12 of 13
    Paging @avon b7  and crew urgently! Paging @avon b7 and crew urgently!

    Your bosses need you...
    LOL. So in one thread, you wish forum admins ban him without naming him explicitly. Yet, in another thread you miss him badly!!! 
  • Reply 13 of 13
    anantksundaramanantksundaram Posts: 19,223member
    Paging @avon b7  and crew urgently! Paging @avon b7 and crew urgently!

    Your bosses need you...
    LOL. So in one thread, you wish forum admins ban him without naming him explicitly. Yet, in another thread you miss him badly!!! 
    I humbly suggest your looking up the meaning of the word “sarcasm.”
    watto_cobra
Sign In or Register to comment.