Hacker Group Linked To China Compromising Global Telecom Networks

China’s cyber operations are once again in the spotlight, after a US cybersecurity firm warned of worrying activities from a Chinese-linked group.

CrowdStrike in a blog post on Tuesday warned that LightBasin (also known as UNC1945) is an “activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.”

LightBasin has reportedly been burrowing into mobile telephone networks around the world, using specialised tools to grab calling records and text messages from telecommunications carriers.

LightBasin hackers

CrowdStrike has labelled LightBasin a “sophisticated actor” that “employs significant operational security (OPSEC) measures, primarily establishing implants across Linux and Solaris servers, with a particular focus on specific telecommunications systems, and only interacting with Windows systems as needed.”

The sophistication of the group and its significant OPSEC measures are, to experienced observers, a strong indication that the group is state-sponsored or otherwise linked to a nation state.

In this case, CrowdStrike is not directly attributing LightBasin to the Chinese government, but notes that the developer of one of the group’s tools “has some knowledge of the Chinese language.”

CrowdStrike has also said the attacks had connections to China, including cryptography relying on Pinyin phonetic renderings of Chinese-language characters, as well as techniques that echoed previous attacks attributed to the Chinese government.

The nature of the data targeted by LightBasin “aligns with information likely to be of significant interest to signals intelligence organisations.”

Telecom firms have long been targets for nation-state hackers, as call records can often be valuable data, showing which numbers called each other, how often calls were made, and for how long.

Meanwhile, CrowdStrike senior VP Adam Meyers told Reuters his company gleaned the information while responding to incidents in multiple countries, which he declined to name.

However CrowdStrike on Tuesday published technical details to let other companies check for similar attacks.

Impressive tools

Meyers said the programs could retrieve specific data unobtrusively. “I’ve never seen this degree of purpose-built tools,” he told Reuters.

The Chinese embassy in Washington did not respond to questions from Reuters.

Asked for comment, the US Cybersecurity and Infrastructure Security Agency said it was aware of the CrowdStrike report and would continue to work closely with US carriers.

“This report reflects the ongoing cybersecurity risks facing organisations large and small and the need to take concerted action,” an official told Reuters via a spokesperson.

“Common sense steps include implementing multifactor authentication, patching, updating software, deploying threat detection capabilities, and maintaining an incident response plan,” the official reportedly said.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long-standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...


  • Does make you wonder whether going fully VOIP rather than having a backup POTS is such a clever idea in the UK, both from security and risk of natural disasters such as solar flares?

    Which does make you wonder how well electric vehicles will be from the same risks - the horse and cart might yet make a come back!
