World’s Cellular Networks Compromised by Massive Multi-Year Espionage Operation

Security researchers at Boston-based Cybereason uncovered a massive hack of global cell networks that they believe has been going on for at least the last seven years. Operation Soft Cell was identified as an “advanced, persistent attack, targeting a large global telecommunications provider and carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, such as APT10. This multi-wave attack focused on obtaining data of specific, high-value targets and resulted in a complete takeover of the network.” TechCrunch extensively covered the hack, and you can read that here. For the full report, read it at Cybereason.

According to Cybereason’s findings, this hack, aimed at accessing the CDRs (call data records) of various global telecommunication companies, was a persistent one, occurring in waves over the course of at least seven years. Cybereason reported that the goal of the attack was to conduct targeted surveillance on individuals of interest, including politicians and spies.

Why target CDR data? CDR data is valuable for hyper-targeted cyber espionage because it contains call logs, cell tower location, email server identification, billing information, credentials, and more: enough to build a detailed picture of who a specific individual talks to, where they are, and which systems they use.

Cybereason ascertained that the hackers were able to steal all data stored in the telco’s Active Directory, compromising every username and password within the organization, as well as any other personally identifiable information they could get their hands on.

In instances where the attack was detected and stopped, it was abandoned, but then later picked up and reinstated using completely different tactics and tools, showing extreme patience and a long-term game plan.

Some Background: Advanced Persistent Threats

Advanced Persistent Threats, or APTs, are generally prolonged, persistent attacks that target specific systems in order to gain all information possible about those systems and their users. While anyone can launch an APT, these hacks are most often a tactic used by militaries and governments.

APT10, which is believed (but not proven) to be behind these APTs aimed at telecoms, was first seen in action in about 2009 and is most often associated with the Chinese Ministry of State Security (MSS). Headquartered in Beijing, MSS is an intelligence and security agency responsible for political security, foreign intelligence, and counter-intelligence.

Attacks attributed to APT10 generally target any person, organization, or trade lobby involved in research and development and/or trade negotiations that is perceived to be in competition with Chinese commercial entities. This includes industries like aerospace, engineering, construction, and telecoms, and of course governments all over the world.

Where Does Huawei Fit In this Equation?

So, where does Huawei fit in this equation? Great question. Definitely something to bookmark for later discussions about how Huawei may yet play a role in facilitating espionage, political interference, and the potential disruption of cellular networks for and by the Chinese military.

It Gets Worse — They Can Do Whatever They Want

While this hack would be consistent with an operation to not only spy on but potentially blackmail high level bureaucrats, political candidates, military personnel, prosecutors, law enforcement officials, judges, and of course diplomats, it gets worse.

“Given the complexity of the attacks and the skills of the hackers, Cybereason says it’s likely a nation-state is behind the attacks. The most likely culprit, Cybereason says, is a group known as APT 10, a hacking collective believed to be backed by China. What’s most frightening about the hacks is that the hackers appear to have virtually unlimited control over the networks, according to Cybereason’s head of security research, Amit Serper. ‘They can do whatever they want,’ he told CNET. ‘Since they have such access, they could shut down the network tomorrow if they wanted to.’”

You read that correctly: They could shut down the network tomorrow if they wanted to. Think about the enormity of that for a minute.

Filed under: Why Huawei should still be regarded as a serious security threat to the integrity of 4G and 5G networks.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.

Olivier Blanchard

Senior Analyst at Futurum Research
Olivier Blanchard has extensive experience managing product innovation, technology adoption, digital integration, and change management for industry leaders in the B2B, B2C, and B2G sectors, and the IT channel. His passion is helping decision-makers and their organizations understand the many risks and opportunities of technology-driven disruption, and leverage innovation to build stronger, better, more competitive companies. A trusted source of analysis and insights on digital business and digital innovation, Olivier also travels the globe speaking about business technology, Disruption as a Model (DaaM), and the impact of innovation on markets and culture. He is also the best-selling author of Social Media ROI: Managing and Measuring Social Media Efforts in Your Organization, and co-author of Building Dragons: Digital Transformation in the Experience Economy. Blanchard is based in Greenville, South Carolina.