Security research firm Cybereason reports today (via TechCrunch) that over the last seven years, hackers have been able to break into more than 10 cellular networks worldwide to gather information on calls made by at least 20 targeted individuals. The data obtained from this operation included the dates that calls were made, the times they were connected, the locations of the callers and more. The attack, dubbed Operation Soft Cell, has been active since 2012 and was spotted by Cybereason earlier this year.
While the goal of the hackers was to obtain call detail records (CDRs), other information obtained in this operation included usernames and passwords. According to the report, “the attackers worked in waves, abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques.” Cybereason says it has a high degree of certainty that this operation is a state-sponsored attack affiliated with China. The methods and tools used lead the firm to name APT10 as the likely threat actor. This group reportedly works with the Chinese Ministry of State Security (MSS).
So why would the MSS go to all the trouble of hacking into 10 global cell networks? As Cybereason points out, when a nation runs an operation like this, it is not about the money. It is usually done to steal intellectual property or to obtain information about some of the carriers’ subscribers. The data that was stolen gave the hackers call records showing the destination and duration of a call, information on the device used to make it, the phone’s vendor and version number, and the physical location where the call was made. With that data, the MSS (assuming it was behind this) was able to learn who the targeted individuals had been talking to, the devices they were using to make those calls, and where they were traveling. Cybereason says this is the type of information used to gather dirt on politicians and to track law enforcement.
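To make concrete why bulk CDR theft is so sensitive even though no call content is involved, here is an added example (not code from the article or from Cybereason) that works through a handful of constructed records carrying the same fields the report lists: caller, callee, timestamp, duration, device identifier and serving cell. The record layout, the sample numbers, the TAC value and the cell identifiers are all invented for illustration; the point is how quickly the metadata alone yields a contact list, a device fingerprint and a movement track for one target.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Cdr:
    """One call detail record. Field names are an assumption for this example;
    real carrier CDR schemas differ, but carry the same kinds of data."""
    caller: str
    callee: str
    start: str       # ISO-8601 call setup time
    duration_s: int  # connected duration in seconds
    tac: str         # IMEI type allocation code: identifies vendor/model of the caller's handset
    cell_id: str     # cell serving the caller at call setup; stands in for physical location


# Constructed sample records, not real data.
SAMPLE = [
    Cdr("+15550100", "+15550200", "2019-03-01T09:12:00", 340, "35391406", "cell-NYC-17"),
    Cdr("+15550100", "+15550300", "2019-03-01T21:40:00", 55, "35391406", "cell-NYC-17"),
    Cdr("+15550300", "+15550100", "2019-03-02T10:05:00", 600, "86013204", "cell-DC-04"),
    Cdr("+15550100", "+15550200", "2019-03-03T08:30:00", 120, "35391406", "cell-DC-04"),
]


def contacts(records, target):
    """Who the target talks to: counterpart -> (number of calls, total seconds),
    counting calls in either direction."""
    summary = defaultdict(lambda: [0, 0])
    for r in records:
        if r.caller == target:
            other = r.callee
        elif r.callee == target:
            other = r.caller
        else:
            continue
        summary[other][0] += 1
        summary[other][1] += r.duration_s
    return {k: tuple(v) for k, v in summary.items()}


def devices(records, target):
    """Handset models the target has used (TACs seen on calls it originated)."""
    return sorted({r.tac for r in records if r.caller == target})


def movements(records, target):
    """Ordered list of (time, cell) for calls the target originated, collapsing
    consecutive calls from the same cell so the result reads as a travel track."""
    track = []
    for r in sorted((r for r in records if r.caller == target), key=lambda r: r.start):
        if not track or track[-1][1] != r.cell_id:
            track.append((r.start, r.cell_id))
    return track


if __name__ == "__main__":
    target = "+15550100"
    print("contacts:", contacts(SAMPLE, target))
    print("devices:", devices(SAMPLE, target))
    print("movements:", movements(SAMPLE, target))
```

Run against the four constructed records, the target's profile falls out directly: two regular contacts with their call volumes, one handset model, and a move from one cell to another between 1 and 3 March. Scaled to years of records for a whole subscriber base, that is the intelligence value the report describes.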
Example of the CDR data that was stolen during the hack