Cybereason exposes alleged Chinese gov't telcos hack

Cybersecurity Photo: Shutterstock ASAP Creative

Three attack groups apparently acting for the Chinese government penetrated mobile carriers' servers, mainly in South-East Asia.

After the exposé alleging that Israeli company NSO's Pegasus product had been used by governments and intelligence agencies for surveillance of journalists and politicians, Israeli defensive cybersecurity company Cybereason has exposed a similar Chinese surveillance system that, instead of targeting individuals, penetrated mobile telephony companies around the world and gathered information about their subscribers.

The attackers managed to establish themselves within networks for years and obtain information on millions of subscribers without being exposed, and they are apparently connected to Chinese government espionage services. Today, Cybereason published a report describing how the Chinese penetrated millions of mobile devices in various countries, mainly in South-East Asia. Israel is not one of the countries mentioned.

Last March, an attack dubbed Hafnium was discovered that had exploited a vulnerability in Microsoft Exchange servers. Cybereason's research team monitored the attack group's activity in order to identify additional attacks. In the course of the investigation, which lasted several months, an extensive attack campaign against mobile providers in Asia was discovered, in which the same security vulnerabilities had been exploited for years previously.

Cybereason's report finds that the espionage was carried out by three groups that sometimes acted in parallel. They managed to act undetected for years (at least from 2017) and to steal sensitive information on millions of users.

The clear overlap between the tools and the techniques that the different attack groups used has led Cybereason to surmise that they were acting in the interests of the Chinese government. The groups are named as Soft Cell, Naikon APT, and Group-3390.

The attackers were able to access Call Detail Records on billing servers, and so find out with whom their targets spoke, when, and where the targets were located.

Published by Globes, Israel business news - en.globes.co.il - on August 3, 2021

© Copyright of Globes Publisher Itonut (1983) Ltd. 2021
