In brief: Hackers have stolen metadata from at least ten cellular carriers across the globe as part of a surveillance campaign targeting individuals of interest. It’s thought those responsible are affiliated with China, and the attacks were state sponsored.
Israeli-US cybersecurity firm Cybereason’s report claims the hackers compromised more than 10 cell networks in Europe, Africa, the Middle East and Asia over the last seven years to obtain call records of at least 20 individuals.
The stolen data included the time and date of calls, along with the individuals’ cell-based locations, allowing the hackers to track the people in question.
The tools used in the attack, which was dubbed “Operation Soft Cell,” are commonly associated with Chinese-affiliated threat actor APT10. “For this level of sophistication it’s not a criminal group. It is a government that has capabilities that can do this kind of attack,” Lior Div, chief executive of Cybereason, told Reuters.
The attackers broke into one of the cell networks by exploiting a vulnerability on an internet-connected web server, stealing credentials from it and then using those credentials to reach the internal network. The process was repeated several times to gain progressively deeper access.
“The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more,” writes Cybereason.
China has long denied ever being behind any state-sponsored hacking, but all evidence points to the country’s involvement in these attacks.
“Cybereason said it couldn’t be ruled out that a non-Chinese actor mirrored the attacks to appear as if it were APT 10,” wrote the Wall Street Journal, “as part of a misdirection. But the servers, domains and internet-protocol addresses came from China, Hong Kong or Taiwan [...] All the indications are directed to China.”