Hacking group LightBasin broke into at least 13 mobile networks – report

The cybersecurity research firm said hackers were able to access subscriber information and call record details. However, the firm did not disclose the mobile network operators that were hacked.

Mike Dano, Editorial Director, 5G & Mobile Strategies

October 19, 2021

4 Min Read
Hacking group LightBasin broke into at least 13 mobile networks – report

According to a detailed report from CrowdStrike, more than a dozen mobile network operators have been infiltrated by a hacking group called LightBasin since 2019.

Importantly, the cybersecurity research firm said that the hackers were able to access subscriber information and call record details. However, the firm did not disclose the identities of the mobile network operators that were hacked, and officials did not answer questions from Light Reading about why they wouldn't name the affected companies.

Secure mobile infrastructure "is not something that you can take for granted," cautioned Adam Meyers, CrowdStrike's senior VP of intelligence, in comments to Cyberscoop.

The firm's report detailed a number of methods, both simple and complex, that the hacking group used to gain access. For example, one method involved simply attempted to log into systems using the names of standard equipment vendors.

CrowdStrike described LightBasin – also known as UNC1945 – as an "activity cluster" that has been targeting companies in the telecommunications sector since at least 2016. The firm said the group has some knowledge of the Chinese language but that it "does not assert a nexus between LightBasin and China."

Another day, another attack

This isn't the first report to call out hacks into telecom network operators. In 2019, Cybereason reported that a nation-state-backed hacking operation of Chinese origin had broken into 10 different telecom companies. However, the firm again did not name the companies that had been hacked.

"Someone was actually active in the network, going from computer to computer stealing credentials and siphoning out what can only be described as an insane amount of data – hundreds of gigabytes of data," Amit Serper, principal security researcher at Cybereason, told ZDNet at the time.

The firm said the hackers targeted companies in Europe, Africa, the Middle East and Asia, and accessed information including call data records and the geolocation of users.

But those broad reports are supplemented by more targeted hacks. For example, the US Department of Justice (DoJ) offered a detailed look at a hack into AT&T in the US. The agency reported in 2019 that AT&T call center employees took bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network.

Just last month, the DoJ said one of the hackers involved in the attack, Muhammad Fahd, was sentenced to 12 years in prison for his leadership role in the seven-year scheme. The agency said the hack ultimately unlocked nearly 2 million phones, costing AT&T $200 million.

More recently, both T-Mobile and Verizon's Visible reported hacks into their own systems.

And, broadly, security researchers have warned of security vulnerabilities in mobile networking technologies ranging from Signaling System 7 (SS7) in 4G to IMSI catchers in 5G.

A 'whole-of-nation' effort

As a result, cybersecurity has long been a topic of discussion among federal regulators. For example, just months into his first term, President Biden issued an executive order to modernize the nation's defenses around cybersecurity.

"My administration is marshalling a whole-of-nation effort to confront cyber threats," he said recently.

At a federal level, a number of agencies have tackled the issue of cybersecurity over the years, ranging from the Federal Trade Commission to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) to the National Institute for Standards and Technology (NIST).

Most recently, the FCC has been soliciting comments over its plan to use its equipment authorization program to attempt to block devices, including Internet of Things (IoT) gadgets, from threatening the nation's communications networks. After all, the Mirai Botnet attack of 2016 leveraged insecure IoT devices.

In responding to the FCC's proposal, the Consumer Technology Association (CTA) trade group warned against overburdensome government mandates. "The government should promote security by using industry-driven solutions that can adapt to the pace of innovation in a way that regulation cannot," the association – which hosts the annual CES trade show – wrote this week.

But Charter Communications, one of the nation's largest cable companies, said it supports the FCC's efforts. Specifically, the company called on the agency to impose more secure passwords on the devices it authorizes.

"Charter encourages the commission to authorize only consumer devices that can deter these threats by requiring users to set strong on-device administrative passwords and requiring that such devices affirmatively seek and obtain appropriate authorization before the device can connect to that broadband network," Charter told the FCC this week. "Requiring device manufacturers to build in affirmative authentication capabilities would be a cost-efficient safeguard against cybersecurity attacks. These basic requirements would significantly enhance the security of devices without the need for the commission to prescribe any detailed cybersecurity standards."

Related posts:

Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano

About the Author(s)

Mike Dano

Editorial Director, 5G & Mobile Strategies, Light Reading

Mike Dano is Light Reading's Editorial Director, 5G & Mobile Strategies. Mike can be reached at [email protected], @mikeddano or on LinkedIn.

Based in Denver, Mike has covered the wireless industry as a journalist for almost two decades, first at RCR Wireless News and then at FierceWireless and recalls once writing a story about the transition from black and white to color screens on cell phones.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like