Mobile networks around the world hacked. Attack possibly originated from China

A number of telecommunications operators around the world have had sensitive information on their networks compromised by hackers according to a report by security research firm Cybereason. In the report, Cybereason also shared its recommendations on how operators can mitigate the security risk.

The company said that at least 10 global telecoms companies have been attacked by hackers. The attacks, dubbed the Soft Cell breach, is believed to bore the tell-tale signs of a state-backed attack that is likely to be linked to the Chinese government.

The hackers have managed to gain access to more than 10 mobile networks around the world to obtain massive amounts of data — including times and dates of calls, and their cell-based locations — on at least 20 prominent individuals.

The data provided a highly detailed profile of anyone, including the persons-of-interest, who are using the compromised networks including their physical location.

According to the report the hackers were “attempting to steal all data stored in the (compromised networks) active directory, compromising every single username and password in the organisation, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users and more,”

The researchers found the hackers got into one of the cell networks by exploiting a vulnerability on an internet-connected web server to gain a foothold into the mobile operator’s internal network. From there, the hackers continued to exploit each machine they found by stealing credentials to gain deeper access.

Cybereason first identified the attacks over the last nine months. With each network that the hackers were able to break into, they got faster and more efficient at breaking into other networks because of the knowledge gained from attacking previous networks.

With the information, the hackers were able to gain virtually unhindered access to the compromised networks. Cybereason believes the method allows the hackers to obtain records pertaining to a person of interest directly from the information gathered without having to gain direct access to each target’s device.

Cybereason didn’t provide the names of the networks affected by the breach but said the individuals targeted were military officials, dissidents, spies and law enforcement, spanning Asia, Europe, Africa and the Middle East.

However, Cybereason revealed that there attack very likely originated from China specifically by a group known as APT 10 that is believed to be backed by the Chinese government. They say this based on the tools and techniques used to gain access to the networks.

“We’ve concluded with a high level of certainty that the threat actor is affiliated with China and is likely state-sponsored,” it said, adding that the tools and techniques used through were “consistent with several Chinese threat actors,” Cybereason said.

[source, via]