Mobile Operators Worldwide Hit By Espionage Attacks

Researchers have uncovered an attack on mobile telecommunications providers that affected more than 10 companies around the world and resulted in the theft of gigabytes of data on highly targeted individuals.

The ongoing operation appears to be aimed at stealing personal and corporate information related to individuals in government, law enforcement and politics, said US-Israeli firm Cybereason on Monday night.

The firm said the tools and techniques used indicated the attacks may have been carried out by a threat group known as APT10, which is thought to be affiliated with Chinese military intelligence.

“The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10,” Cybereason said in an advisory.


European targets

The Boston-based firm said telecoms companies in multiple countries were affected, in regions including Asia, Africa, the Middle East and Western Europe.

It first detected the intrusion on the systems of a client telecoms firm in 2018, with its investigation indicating the attacks may have begun in 2017 or earlier.

The attackers had gained complete administrative control over the target’s network, becoming in effect a shadow IT department, Cybereason said.

The attackers used this control to access a call detail record (CDR) database and steal data related to 20 specific individuals.

The metadata collected, including SIM identifiers, call records and which cell tower a phone connected to at given times, allowed the attackers to build up a detailed picture of the individuals’ activities.

Cybereason found indicators leading it to believe that at least nine other telcos may have been similarly compromised, but didn’t release details on the companies affected.

Government link

The attackers were highly sophisticated, abandoning one line of attack when it was discovered, only to return months later with different tools and techniques.

They changed their methods every quarter.

Cybereason said it had found more than five different tools used in the attack that have also been associated with APT10, including the China Chopper web shell, the Poison Ivy remote-access trojan and the nbtscan scanning tool.

While the firm acknowledged that it could not rule out a copycat attack, it said it was able to say with a “high level of certainty” that the attacks were affiliated with China and were likely to be backed by the state.

The US indicted two alleged members of APT10 in December, and the US and other Western countries have linked the group with attacks aimed at stealing intellectual property.

The group has previously been linked to attacks on UK companies and on the Ministry of Defence.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
