25 June 2019
Hackers broke into the systems of 12+ global telecom firms and stole huge amounts of data in a seven-year spying campaign, researchers from a cyber security company said, identifying links to previous Chinese cyber-espionage activities.
reuters.com/article/us-cyb…
Hackers broke into the systems of 12+ global telecom firms and stole huge amounts of data in a seven-year spying campaign, researchers from a cyber security company said, identifying links to previous Chinese cyber-espionage activities.
reuters.com/article/us-cyb…
Investigators at US-Israeli cyber firm Cybereason said the attackers compromised companies in 30+ countries and aimed to gather information on individuals in government, law-enforcement and politics.
The hackers also used tools linked to other attacks attributed to Beijing by the US & its Western allies, said Lior Div, CEO of Cybereason
“For this level of sophistication it’s not a criminal group. It is a government that has capabilities that can do this kind of attack”
“For this level of sophistication it’s not a criminal group. It is a government that has capabilities that can do this kind of attack”
Div later presented a step-by-step breakdown of the breach at a cybersecurity conference in Tel Aviv in the same session that the heads of U.S. and British cyber intelligence units and the head of Israel’s Mossad spy agency spoke.
“Right now we’re still tracking them,” he said. “On Saturday we debriefed 25+ different telcos, the biggest telcos in the world.”
A spokesman for China’s Foreign Ministry said he was not aware of the report, but added “we would never allow anyone to engage in such activities on Chinese soil or using Chinese infrastructure.”
Cybereason declined to name the companies affected or the countries they operate in, but people familiar with Chinese hacking operations said Beijing was increasingly targeting telcos in Western Europe.
Div said this latest campaign, which his team uncovered over the last nine months, compromised the internal IT network of some of those targeted, allowing the attackers to customize the infrastructure and steal vast amounts of data.
In some they managed to compromise a target’s entire active directory, giving access to every username and password in the organization. They also got hold of personal data, including billing information and call records, Cybereason said in a blog post.
cybereason.com/blog/operation…
cybereason.com/blog/operation…
“They built a perfect espionage environment,” said Div, a former commander in Israel’s military intelligence unit 8200. “They could grab information as they please on the targets that they are interested in.”
Cybereason said multiple tools used by the attackers had previously been used by a Chinese hacking group known as APT10.
The United States indicted two alleged members of APT10 in December and joined other Western countries in denouncing the group’s attacks on global technology service providers to steal intellectual property from their clients.
The company said on previous occasions it had identified attacks it suspected had come from China or Iran but it was never certain enough to name these countries.
Cybereason said: “This time as opposed to in the past we are sure enough to say that the attack originated in China”
Cybereason said: “This time as opposed to in the past we are sure enough to say that the attack originated in China”
“We managed to find not just one piece of software, we managed to find more than five different tools that this specific group used,” Div said.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
