Cyberattackers have been attacking telecommunication companies across the globe since 2012, TechRadar reports. According to reports, the hackers have been using a virtual private network (VPN) to take control of the networks.
Cybereason Nocturnus detected the cyberassault, which has persisted for more than 5 years. According to the security company, the hackers have been using tools and strategies linked to APT10. APT10 is a group of Chinese nationals conducting attacks in various sectors.
The research team revealed in its report, Operation Soft Cell, that the hackers have been targeting telcos worldwide. These companies are located in Asia, Africa, Europe and the Middle East. The attack occurred due to the exploitation of outdated security risks.
According to Cybereason’s report, the attackers have been stealing “hundreds of gigabytes of data” from the networks’ clients. However, these malicious actors have deeper access to the networks.
Cybereason head of security research Amit Serper noted that these violators extracted credentials for the networks. With such privileges, the criminals have the ability to “shut down the network” should they desire to do so.
United States mobile companies have not been hacked by the violators. However, the victims are yet to contain the attack, which means that US firms are still vulnerable.
While the malicious agents have extremely privileged access to the networks, they are using the campaign for data gathering. Operation Soft Cell revealed that the group behind the assault is only gathering customer data. Compromised info includes geolocation, call logs and text messages.
Aside from this info, the team behind the breach also tried to steal billing data and personally sensitive info. They also attempted to obtain credentials and email servers, pointing to espionage.
Moreover, the report says that the attackers only obtained data from fewer than 100 users. These victims were reportedly targeted. Mor Levi from Cybereason emphasized that these users are possibly “high-profile” and from “governments and militaries” across the globe.
Given the association with the China-based hacker group APT10, Cybereason thinks that this group launched the assault. In fact, the security firm believes that the malicious campaign is supported by China, as per digital forensic evidence.
Operation Soft Cell has a few recommendations for security. The report says that companies need an additional security layer for web servers: web application firewalls (WAFs) can prevent hacks against them. It also suggests exposing as few ports as possible to the Internet and patching whatever is exposed, as well as the use of EDR tools.