Mobile Operators Worldwide Hit By Espionage Attacks

Researchers have uncovered an attack on mobile telecommunications providers that affected more than 10 companies around the world and resulted in the theft of gigabytes of data on highly targeted individuals.

The ongoing operation appears to be aimed at stealing personal and corporate information related to individuals in government, law enforcement and politics, said US-Israeli firm Cybereason on Monday night.

They said the tools and techniques used indicated the attacks may have been carried out by a threat group known as APT10, which is thought to be affiliated with Chinese military intelligence.

“The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10,” Cybereason said in an advisory.

European targets

The Boston-based firm said telecoms companies in multiple countries were affected, in regions including Asia, Africa, the Middle East and Western Europe.

It first detected the intrusion on the systems of a client telecoms firm in 2018, with its investigation indicating the attacks may have begun in 2017 or earlier.

The attackers had gained complete administrative control over the target’s network, becoming in effect a shadow IT department, Cybereason said.

This access was used to reach a call detail record (CDR) database and steal data related to 20 specific individuals.

The metadata collected, including SIM identifiers, call records and which cell tower a phone connected to at given times, allowed the attackers to build up a detailed picture of the individuals’ activities.

Cybereason found indicators leading it to believe that at least nine other telcos may have been similarly compromised, but didn’t release details on the companies affected.

Government link

The attackers were highly sophisticated, abandoning one line of attack when it was discovered, only to return months later with different tools and techniques.

They changed their methods every quarter.

Cybereason said it had found more than five different tools used in the attack that have also been associated with APT10, including the China Chopper web shell, the Poison Ivy remote-access trojan and the nbtscan scanning tool.

While the firm acknowledged that it could not rule out a copycat attack, it said it was able to say with a “high level of certainty” that the attacks were affiliated with China and were likely to be backed by the state.

The US indicted two alleged members of APT10 in December, and the US and other Western countries have linked the group with attacks aimed at stealing intellectual property.

The group has previously been linked to attacks on UK companies and on the Ministry of Defence.

Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
