Chinese Hackers Linked to Global Attacks on Telcos

Security researchers reported that Chinese hackers are the likely perpetrators of a series of cyberattacks against telecommunications companies around the world.

The campaign, dubbed "Operation Soft Cell," has been active since 2012, according to Cybereason, an endpoint security company based in Boston.

There is evidence suggesting even earlier activity against the telecommunications providers, all of which were outside North America, the researchers said.

The hackers attempted to steal data stored by the organizations, including usernames and passwords used within the companies, as well as billing data, call detail records, credentials, email servers, geolocation of users, and more, according to the report.

Based on the tools used in the attacks, such as PoisonIvy RAT, and the tactics, techniques and procedures deployed by the attackers, the campaign likely was run by APT10, a notorious group of Chinese hackers, the researchers pointed out.

The U.S. Justice Department last year indicted two members of APT10 for conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft.

There is some solid evidence APT10 was behind the attacks, such as the way they customized PoisonIvy and the idiosyncratic bread crumbs they left behind, said Sam Curry, chief security officer at Cybereason.

"The way the customization and scripting is done is the sort of thing we've seen time and again," he told TechNewsWorld. "There's a high probability that it's a Chinese hacker."

Alarming Attack

The hackers attacked organizations in waves launched over a period of months, the report notes. During that time, they were able to map the target networks and compromise credentials. That enabled them to compromise critical assets -- such as production and database servers, and even domain controllers.

"This attack is also alarming because of the threat posed by the control of a telecommunications provider," the report states. "Telecommunications has become critical infrastructure for the majority of world powers. A threat actor with total access to a telecommunications provider, as is the case here, can attack however they want passively and also actively work to sabotage the network."

The attack has widespread implications -- not just for individuals, but also for organizations and countries alike, the Cybereason researchers said.

"The use of specific tools for ongoing operations for years points to a nation state threat actor, most likely China," they wrote. "This is cyber warfare being used to establish a foothold and gather information undercover until they are ready to strike."

There are similarities between Operation Soft Cell and another telecom attack, suggested Lavi Lazarovitz, a cyber research group manager at CyberArk Labs, an information security company based in Newton, Massachusetts.

"This widespread attack on telecommunications companies has similar characteristics to Operation Socialist," he told TechNewsWorld.

That campaign, a CIA and British GCHQ operation revealed by Edward Snowden, attempted to take control of the Belgian telecommunications company Belgacom.

"It leverages privileged accounts and probably shadow admins to allow persistency and control," Lazarovitz said.

Useful Information

Information reaped by campaigns like Operation Soft Cell can be invaluable to a foreign intelligence service, noted Jonathan Tanner, a senior security researcher at Barracuda Networks, based in Campbell, California.

"Tracking a target's daily routines alone can be useful for a number of motivations, ranging from enumerating contacts to asset recruitment, to abduction or assassination," he told TechNewsWorld.

That sort of work traditionally is carried out by surveillance teams, but with technology it's becoming increasingly easy to gain that information by other means with significantly less manpower, Tanner explained.

"The irony with this breach is that many carriers actually sell this data anyway, through third parties such as Zumigo, who then resell it without checking into their buyers' backgrounds," he said.

Stolen data from telcoms can be valuable to more than just Chinese intelligence agencies.

"This type of attack would greatly help Huawei in their fight to control as much of the 5G space as possible," said Jonathan Olivera, a threat analyst for Centripetal Networks, a network security company in Herndon, Virginia.

"When a country like China relies on surveillance and intellectual property theft to keep its momentum going, it will be hard to stop and prevent expansion," he told TechNewsWorld.

Familiar Playbook

The breadth and persistence of the attacks aren't the only discouraging characteristics of Operation Soft Cell.

"This plays out like every other hack that we've heard about in a major organization for years," said Chet Wisniewski, principal research scientist at Sophos, a network security and threat management company based in the UK.

"These companies are not taking this stuff seriously enough, especially the ones that have sensitive information about us. The giant role these companies play in our lives demands that they take security more seriously," he told TechNewsWorld.

"The stuff that these guys did was stuff any skilled pen tester would do," Wisniewski said.

"The attacks didn't have any super secret stuff. There were no new zero-day vulnerabilities here -- no new tools that no one had ever heard of before. All the stuff was off the shelf. I could teach a college student how to use it in a semester," he said.

"We know this playbook," Wisniewski added, "and big companies should be able to defend against it."

Cold War in Cyberspace

Campaigns like Operation Soft Cell are likely to continue without abatement, noted Satya Gupta, CTO of Virsec, an applications security company in San Jose, California.

"These attacks will continue, as long as there is political tension and unrest in any number of regions," he told TechNewsWorld. "Infrastructure attacks on all sides are trying to sow uncertainty, which has both political and financial value to the perpetrators."

As for China, it seems content with economic espionage, for the most part, but that could change in the future, too.

"As long as we're involved in trade wars, I'm not as worried as if China starts to feel threatened about its sphere of influence," said Richard Stiennon, chief research analyst at IT Harvest, an industry analyst firm in Birmingham, Michigan.

"If it's trade wars, China's target of interest will be the same as it's always been: economic espionage. If it's sphere-of-influence stuff, then the targets of interest could escalate dramatically," he told TechNewsWorld.

"We are essentially in a cyber cold war, and many of the same factors still apply regarding escalation of hostilities and the overall desire to avoid an actual war as a result of ongoing activities," Barracuda's Tanner added. "The major increase in attacks runs the risk of being seen as an act of war, which no country wants."