HACKERS BELIEVED TO BE linked to China have quietly breached the networks of more than 10 mobile operators.
The espionage campaign has continued for the past seven years and was uncovered by researchers at security firm Cybereason. According to the researchers, the purpose of the campaign was to carry out targeted surveillance on specific targets, without the need to install malware on different devices.
Researchers also claim that the attackers gained so much control over the hacked networks that they could have shut them down at a moment's notice.
The cyberespionage campaign, dubbed Operation Soft Cell, was first noticed a year ago. Since then, hackers been attacking various mobile operators to gain access to their networks and obtain call detail records (CDRs) of their targets from the database.
"They know everything about them without ever hacking their phone," Lior Div, Cybereason's co-founder, told TechCrunch.
CDRs don't include the message contents or voice recordings of calls, but they do contain vital information like dates and times of calls, as well as their location to the nearest cell. They could not only provide detailed insight into a person's life, but also identify where they reside.
In one instance, hackers gained access to the internal network of a mobile phone provider by exploiting a vulnerability on a web server. Then, they exploited each machine they found on the network and were able to gain deeper access into the network.
"You could see straight away that they know what they're after," said Amit Serper, head of security research at Cybereason.
"They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times."
Using the access, the attackers created new accounts for themselves with special privileges to control the entire network.
While they had access to millions of people's data, hackers stole data only for selected targets, including government and military officials and politicians, suggesting that they were more interested in surveillance than disrupting communications.
The method of attack, the malware and servers used, and several other digital forensics signs indicate that hackers possibly belong to APT10, the elite hacking group based in China, linked to the Chinese military. Equally, there's also a possibility that the hackers are attempting to pose as APT10.
Cybereason declined to reveal names of the companies affected by the espionage campaign, but said it has alerted all those companies.
According to Cybereason, it currently has no information regarding the fixes that may have implemented by the carriers to stop the breach. µ
What can a hacker hack if a hacker hacks hackers...
But we doubt people will be lining up to buy it
'Prolific' duo netted more than $100m in spree
But its library is lacking here in Blighty