Israeli-US cybersecurity firm Cybereason released a new report on June 24 stating that state-backed hackers have breached the systems of at least ten mobile operators around the world for the purpose of stealing metadata related to specific users. Although not yet confirmed, these hackers are believed to be linked to the Chinese government.
However, the report did not name the targeted mobile carriers.
Cybereason said the attacks, which it named Operation Softcell, were very sophisticated and large-scale, bore the hallmarks of a nation-state operation, and targeted individuals such as military officials and political dissidents linked to China. All evidence indicates that the Chinese government is the most likely culprit. The affected carriers are spread across Europe, Africa, the Middle East and Asia. However, none of the targets is believed to be in the US.
"The campaign targeted telecom providers," the cybersecurity company said. "Activity started in at least 2017. The hackers tried to steal all the data stored in the Active Directory, compromising every username and password in the organization, along with other personally identifiable information, payment data, call detail records, login credentials, email servers, users' geographic locations …"
Chinese hackers are believed to be conducting espionage attacks on a global scale.
The report describes the attack as "a cat-and-mouse game between the threat actor and the defenders": as soon as they had obtained important information or been detected, the attackers would stop, only to resume their activity some time later.
Cybereason also pointed out that although the attacks are aimed at specific individuals, any entity with the power to control the data or servers of telecommunications providers is capable of using this access to disable or completely take down the system. That would be a crippling blow in the event of a cyberwar.
According to Lior Div, Cybereason's CEO, his company had never before seen the potential for espionage on such a large, worldwide scale. He calls it espionage because, in essence, the data collected in the attack is highly valuable to intelligence agencies. Even without access to the content of calls and messages, the hackers can still analyze who a target is talking to and for how long, and from that learn the secrets behind those contacts.
Cybereason also points the finger of suspicion at China's APT10 hacking group as possibly being behind these attacks. This group is known as a long-term, persistent threat that has collected information like a real intelligence agency over the years. NASA, one of APT10's previous targets, recently confirmed a database hack.
FireEye and CrowdStrike, two cybersecurity companies that have tracked APT10 and hold the most complete records on it, also said they "could not confirm Cybereason's findings, but have seen many hacker groups targeting mobile providers".
Two hackers believed to be involved in APT10 were prosecuted in the US last year.
According to some experts, this cyber-attack campaign may be connected to the campaign the United States is waging against Huawei in particular and China's telecommunications equipment manufacturers in general.
"We have concluded with a high degree of certainty," Cybereason said in announcing its report, "that the threat actor is linked to China and is likely to be state-sponsored. The tools and techniques used in these attacks are in line with those of some Chinese threat groups, especially APT10, a hacking team believed to act on behalf of China's Ministry of State Security."
Sources: Forbes, Wired