Hacker Group Linked To China Compromising Global Telecom Networks

China’s cyber operations are once again in the spotlight, after a US cybersecurity firm warned of worrying activities from a Chinese-linked group.

CrowdStrike in a blog post on Tuesday warned that LightBasin (also known as UNC1945) is an “activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.”

LightBasin has reportedly been burrowing into mobile telephone networks around the world and used specialised tools to grab calling records and text messages from telecommunication carriers.

LightBasin hackers

CrowdStrike has labelled LightBasin as a “sophisticated actor” that “employs significant operational security (OPSEC) measures, primarily establishing implants across Linux and Solaris servers, with a particular focus on specific telecommunications systems, and only interacting with Windows systems as needed.”

The sophisticated nature of the group and their significant OPSEC measures are a clear indication for experienced observers that the group is state sponsored or linked in some other way to a nation state.

In this case, CrowdStrike is not directly attributing LightBasin to the Chinese government, but the developer of one of the group’s tools “has some knowledge of the Chinese language.”

CrowdStrike has also said the attacks had connections to China, including cryptography relying on Pinyin phonetic versions of Chinese language characters, as well as techniques that echoed previous attacks by the Chinese government.

The nature of the data targeted by LightBasin “aligns with information likely to be of significant interest to signals intelligence organisations.”

Telecom firms have long been targets for nation-state hackers, as call records can often be valuable data, showing which numbers called each other, how often calls were made, and for how long.

Meanwhile, CrowdStrike senior VP Adam Meyers told Reuters his company gleaned the information by responding to incidents in multiple countries, which he declined to name.

However, CrowdStrike on Tuesday published technical details to let other companies check for similar attacks.

Impressive tools

Meyers said the programs could retrieve specific data unobtrusively. “I’ve never seen this degree of purpose-built tools,” he told Reuters.

The Chinese embassy in Washington did not respond to questions from Reuters.

Asked for comment, the US Cybersecurity and Infrastructure Security Agency said it was aware of the CrowdStrike report and would continue to work closely with US carriers.

“This report reflects the ongoing cybersecurity risks facing organisations large and small and the need to take concerted action,” an official told Reuters via a spokesperson.

“Common sense steps include implementing multifactor authentication, patching, updating software, deploying threat detection capabilities, and maintaining an incident response plan,” the official reportedly said.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long-standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...


  • Does make you wonder whether going fully VOIP rather than having a backup POTS is such a clever idea in the UK, both from security and risk of natural disasters such as solar flares?

    Which does make you wonder how well electric vehicles will be from the same risks - the horse and cart might yet make a comeback!
