Cybereason details Operation Soft Cell: A telco security disaster

Security firm reveals an ongoing global attack against telecommunications providers that has been active since at least 2017 and involves a group believed to be working on behalf of the Chinese government.

Phil Harvey

June 25, 2019


A persistent, multiyear attack by a group affiliated with the Chinese government has led to stolen customer data from at least ten telecom service providers around the world, according to media reports and information from the security vendor Cybereason.

Cybereason's CEO Lior Div detailed his firm's discovery of the attacks and its findings at the Cyber Week conference in Tel Aviv. He wouldn't provide any details about which telcos were compromised. "I'm not even going to share the continent," he said, as quoted in The New York Times.

In The Times' account of his remarks, Div said his firm was called in to help a cellular service provider and discovered that hackers had broken into its billing server. The hackers used tools and methods consistent with several Chinese threat actors. In this case, Cybereason believes the group is APT10, which is thought to operate on behalf of the Chinese government.

The Chinese hackers appeared to be targeting personal details of about 20 military officials, dissidents, spies and people in law enforcement, The Wall Street Journal reported.

An analysis of the ongoing attacks, the attackers and their methods is detailed in a blog post by Cybereason, the firm that discovered the attacks and alerted the telcos. A video interview with two members of the Cybereason Nocturnus team, the company's group of cybersecurity experts, is on YouTube:

"Once we stopped looking at things as individual executions on separate machines and we said, 'Oh, this thing started here, and then moved here, and then finished here,' we were able to understand that this is something with very big proportions," Amit Serper, principal security researcher at Cybereason, told Lodrina Cherne, a Cybereason security analyst, in the video.

The hackers were "attempting to steal all data stored in the Active Directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more," the Cybereason team wrote.

Why this matters
In this case, the methods used and persistence displayed are remarkable. So, too, is the potential damage this group could unleash if telecom service providers don't step up their security efforts.

"The threat actor managed to infiltrate into the deepest segments of the providers' network, including some isolated from the internet, as well as compromise critical assets," the Cybereason team wrote.

To get to a few individuals, this nation-state-sponsored group of hackers was apparently able to compromise an entire telecom network. If a group can do that, it can potentially "leverage its unlawful access and control of the network to shut down or disrupt an entire cellular network as part of a larger cyber warfare operation," Cybereason wrote.

"[The companies that] collect people's data can never know which type of data will be considered as an intelligence asset," said Mor Levi, VP of security practices at Cybereason, in the YouTube video. "In telcos, specifically, it is probably well known [that] in the past few years the data that they have is an intelligence asset. But, generally speaking, data is power … it's super important to secure that data -- that's the big thing here."


Phil Harvey, US Bureau Chief, Light Reading

About the Author(s)

Phil Harvey

Editor-in-Chief, Light Reading

Phil Harvey is the Editor-in-Chief of Light Reading. He (barely) manages editorial operations and news coverage for the Light Reading network's digital properties, including Light Reading, The 5G Exchange, Connecting Africa, Telecoms.com and Broadband World News.

Phil rejoined Light Reading in 2018; he's been a member of the LR editorial staff for a combined 15 years. In between stints at Light Reading, he was the news editor at CRN and, before that, the communications director at Metaswitch Networks. During the late 90s, Phil covered networking and telecom in Silicon Valley as a staff writer at Upside (R.I.P.) and (the original) Red Herring magazine.
