Hackers linked to China breach 10 mobile operators to steal call records

The espionage campaign has been conducted for the past seven years, claim security specialists

Hackers, possibly linked to China, have quietly breached networks of more than 10 mobile carriers across the world to steal call details of multiple individuals of interest.

The massive espionage campaign has continued for the past seven years and was uncovered by researchers at security firm Cybereason.

According to the researchers, the purpose of the campaign was to carry out surveillance on specific targets without the need to install malware on individual phones.

Researchers also claim that the attackers gained so much control over the hacked networks that they could have shut them down at a moment's notice.

The cyberespionage campaign, dubbed Operation Soft Cell, was first noticed a year ago. Since then, hackers have been found to be attacking various mobile operators to gain access to their networks and obtain call detail records (CDRs) of their targets from the database.

"They know everything about them without ever hacking their phone," Lior Div, Cybereason's co-founder, told TechCrunch.

CDRs don't include the message contents or voice recordings of calls, but they do contain vital information like dates and times of calls, as well as their location to the nearest cell. They could not only provide detailed insight into a person's life, but also identify where they reside.

In one instance, hackers gained access to the internal network of a mobile phone provider by exploiting a vulnerability on a web server. Then, they exploited each machine they found on the network and were able to gain deeper access into the network.

"You could see straight away that they know what they're after," said Amit Serper, head of security research at Cybereason.

"They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times."

Using the access, the attackers created new accounts for themselves with special privileges to control the entire network.

While they had access to millions of people's data, hackers stole data only for selected targets, including government and military officials and politicians, suggesting that they were more interested in surveillance than disrupting communications.

The method of attack, the malware and servers used, and several other digital forensic signs indicate that the hackers possibly belong to APT10, the elite hacking group based in China and linked to the Chinese military.

Equally, there is also a possibility that the hackers are attempting to pose as APT10.

Cybereason declined to reveal names of the companies affected by the espionage campaign, but said it has alerted all those companies.

According to Cybereason, it currently has no information regarding the fixes that may have been implemented by the carriers to stop the breach.
