Hackers have been stealing call records from a dozen carriers for years

No North American cellular network has been targeted so far.

What you need to know

  • Cybereason has discovered a massive cyber-espionage campaign that has been targeting cellular networks for seven years.
  • Nearly a dozen cellular networks have been hacked so far, allowing hackers to steal massive amounts of sensitive data.
  • The cybersecurity company believes there is a “very high probability” of the hackers being backed by a nation-state.

An investigation conducted by researchers at Cybereason, a Boston-based cybersecurity company, has revealed that hackers have broken into more than 10 cellular networks across Asia, Africa, Europe, and the Middle East. The “massive-scale” cyber-espionage involved stealing gargantuan amounts of sensitive data, including call records and geolocation data.

According to the security researchers at Cybereason, hackers managed to break into about a dozen carriers by exploiting vulnerabilities on their public web servers to access the internal network. They then attempted to gain access to other computers on the network with the help of stolen credentials until they eventually made their way to the domain controller. Access to the domain controller not only lets the hackers get to the call detail record database but also gives them control over the entire network. Interestingly, in one instance the hackers obtained hundreds of gigabytes of data about a small group of about 20 customers of a cellular provider, pointing to targeted surveillance.

They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times.

While Cybereason first detected the cyber-espionage campaign only a year ago, the company says that the attacks have been happening for seven years. The tools used by the hackers seem to hint at a connection to China’s APT10 hacking group. Cybereason believes it is also possible that the hackers might be trying to frame APT10 as the culprit, since those tools are publicly available to everyone.

Given the sensitivity of the issue, the company hasn’t named any cell network that has been targeted by the hackers. However, it did reach out to the affected networks and recommended that they implement a few fixes to ensure hackers are not able to intrude into their internal networks again. Even though the hackers continue to attack more companies, the researchers at Cybereason have not found any instances of hackers attempting to attack North American carriers yet.

While China and the U.S. have agreed to resume trade talks ahead of the G20 meeting in Japan, the U.S. government maintains that Chinese equipment makers such as Huawei pose a national security risk. After accusing Huawei of working with China’s spy agencies, the Trump administration finally issued an executive order last month, banning U.S. companies from doing business with companies placed on the Entity List. While the ban has been temporarily eased, it is expected to come into full effect on August 20.