Hackers thought to be affiliated with China's government have broken into the systems of more than a dozen global telecommunications carriers, taking with them "large amounts" of consumer and business data, according to Boston-based cybersecurity firm Cybereason.
Cybereason, which was first to identify the attacks, said that the hacks were long-running and appeared to be an intelligence operation because they targeted specific individuals. The tracked activity in the report occurred in 2018 and perhaps 2017.
“No one siphons out hundreds of gigabytes of data about a very specific amount of individuals unless it’s for intelligence [purposes],” said Amit Serper, principal security researcher at Cybereason, which published its research on Tuesday. “The attackers knew exactly what they were after.” In one instance, the hackers targeted about 20 customers of one cellular provider, according to Cybereason.
Cybereason said in its report that the tools and tactics used in the attacks are commonly associated with the Chinese threat actor APT10. “While we cannot completely rule out a ‘copy-cat’ scenario, where another threat actor might masquerade as APT10 to thwart attribution efforts, we find this option to be less likely in light of our analysis of the data,” the report noted.
During the persistent attack, the attackers worked in waves - abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques.
Cybereason did not identify in the report the global carriers that were targeted, but said the carriers offer services in Asia, Europe, Africa and the Middle East. Cybereason also did not name any of the individuals targeted, but said that the hackers nabbed location data, text-messaging records and call logs for these individuals.
“We never heard of this kind of mass-scale espionage ability to track any person across different countries,” said Cybereason CEO Lior Div during a briefing on the attacks, according to various media reports. Cybereason said the tracked activity in the report occurred in 2018.
Cybereason said it immediately reached out to the telecommunications providers and “provided them all of the necessary information to handle the incident internally.”
A Chinese foreign ministry spokesperson told CRN USA in a statement that they had not seen the Cybereason report. The spokesperson said in part: “I need to reiterate that China firmly opposes and legally cracks down on all forms of cyber attack and allows no country or individual to engage in cyber attack and other illegal activities in China or by using Chinese infrastructure.”
“I would like to stress once again that cyber security should be upheld by all members of the international community as it is a global issue that concerns the common interests of all countries. The cold-war and confrontational mindset will only poison the cooperation environment and contribute nothing to the peace and security of cyber space,” the statement continued.
The report comes as tensions build between the United States and China. The US has long alleged that some Chinese firms, such as Huawei and ZTE, are too close to the Chinese government. China, for its part, has consistently denied carrying out any hacking or security threat.
But China has found itself in hot water recently with the US. In January, the US Department of Justice filed formal criminal charges against Chinese telecom firm Huawei, a 10-count indictment that charged Huawei Device Co. Ltd. and Huawei Device Co. USA with theft of trade secrets conspiracy, attempted theft of trade secrets, seven counts of wire fraud, and one count of obstruction of justice.
In related news, Huawei's CFO Meng Wanzhou was arrested in Canada at the direction of the U.S. in December 2018 after U.S. prosecutors found that Huawei was violating U.S. sanctions against selling products of U.S. origin to Iran. Also in December was the arrest of Weijing W., also known as Stanislaw Wang, Huawei's sales director in Poland, by Poland's Internal Security Agency. Wang was charged with espionage.