Massive telecommunication data breach linked to Chinese hackers, says Israeli security firm

Attackers breached a telecommunication company in a massive data espionage campaign, said U.S.-Isreali cyber firm Cybereason, naming the breach Operation Soft Cell.

In one scenario, the attack was carried out in four waves in a period of six months, each using different tools and malicious payloads. It grew increasingly sophisticated with every subsequent wave, using custom tools previously unknown to researchers.

In a blog post, Cybereason said that there’s a “very high probability that the threat actor behind these malicious operations is backed by a nation state, and is affiliated with China.”

Furthermore, Cyberreason noted that the attacker’s motive, tactics, and indicators of compromise, closely resemble ATP10, a known Chinese hacker group.

Lior Div, the chief executive officer of Cybereason, corroborated the report’s results. “For this level of sophistication, it’s not a criminal group. It is a government that has the capabilities that can do this kind of attack,” he said to Reuters.

Aside from detecting tools that were based on existing tools commonly associated with Chinese actors, the blog post says another factor in determining the attacker’s identity is intent. Whereas rogue organizations typically target financial data, nation-state threat actors tend to pursue intellectual properties or personal information.

The targets of Operation Soft Cell are telecommunication providers’ CDR records, which contain call routing information, device details, physical location, and device vendor and version. This information can reveal personal details including call contacts and the user’s travel behavior.

The information could then be used to target foreign intelligence agents, politicians, and law enforcement.

The blog post also stresses the potential for a network meltdown if the attacker chooses to sabotage the infrastructure operation, given that they have total control over the network.

The attack had been active since at least 2012 and had infiltrated the deepest segments of the target’s network, stealing critical assets, said the report. Breached sectors include production servers, database servers, and unrestricted access to the domain controller.

Cybereason has yet to disclose the extent of the breach and the number of affected records, nor has it released information about which companies were breached and their location.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Tom Li
Tom Li
Telecommunication and consumer hardware are Tom's main beats at IT World Canada. He loves to talk about Canada's network infrastructure, semiconductor products, and of course, anything hot and new in the consumer technology space. You'll also occasionally see his name appended to articles on cloud, security, and SaaS-related news. If you're ever up for a lengthy discussion about the nuances of each of the above sectors or have an upcoming product that people will love, feel free to drop him a line at tli@itwc.ca.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now