Cybereason, a cybersecurity firm, reports after its investigation that at least 10 telecom companies worldwide have been infiltrated by hackers known to have ties with the Chinese government. Huge amounts of data from each company have been siphoned off, as well as data on specific individuals.
The Wall Street Journal (WSJ) reported that some of the targeted individuals are military officials, spies, dissidents and law enforcement, and that the attacks, which are tied to China, cover companies in Asia, Europe, Africa and the Middle East.
According to Cybereason, the data procured includes locations, billing info, records of text messages, and call detail records (CDRs). Actual recordings of calls and texts were not included, but enough data could reveal an individual’s personal life: with whom, where and when they were in contact.
Cybereason says the attacks resemble previous attacks by APT 10. According to Malwarebytes Labs, advanced persistent threat (APT) groups are connected to government or military missions because they have the resources to conduct these attacks. They report that as early as 2009, APT 10 has been connected to the Chinese Ministry of State Security (MSS).
According to the WSJ, Cybereason concluded that the attacks are so sophisticated that the hackers were able to stream from one database to another, tracking people as though they (the hackers) were employees of the database systems. Hacking of this sophistication is done by governments, reports Cybereason.
Cybereason CEO Lior Div says, however, that because the attacks are so sophisticated, with the attackers covering their tracks with VPNs (virtual private networks), it’s also possible they could be attempting to make it look like they are connected to Chinese, Hong Kong or Taiwanese IP addresses and APT 10.
According to Cybereason’s investigation, the threat group’s techniques, actions and tools helped it determine that the malicious operations are very highly associated with backing from a nation-state affiliated with China. Given this kind of sophistication in hacking, it also determined that this is not a criminal group but definitely a group associated with a government operation.
Last year the Trump administration accused China of breaking its 2015 agreement with the Obama-era US government regarding limitations on cyber-espionage. However, the Chinese Foreign Ministry continues to deny any such behavior. The Chinese electronic device manufacturing company Huawei is still under investigation for cyberspace espionage as well as for breaking the worldwide economic ban on Iran.