Multiple telcos compromised by Chinese state-backed hackers

At least five global telecommunications companies have been compromised by Chinese state-backed hackers. Phone records and location data were among the data stolen according to cybersecurity researchers.

Waging a campaign across Southeast Asia from 2017 to 2021, the state-sponsored hackers allegedly also exploited security vulnerabilities in Microsoft’s Exchange servers according to a report by Bloomberg. The hackers were able to gain access to telecommunication companies’ internal systems.

At the beginning of 2021, the Cybereason Nocturnus Team investigated clusters of intrusions detected targeting the telecommunications industry across Southeast Asia. During the investigation, three clusters of activity were identified and showed significant connections to known threat actors, all suspected to be operating on behalf of Chinese state interests.

The Cybereason report said some of the groups involved included Soft Cell, Naikon, and Group 3390. They had gained total control of the telecommunication networks they penetrated.

“These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, but they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability,” said Lior Div, the chief executive officer of Cybereason.

According to the report, the three distinct clusters of attacks have varying degrees of connection to APT groups Soft Cell, Naikon, and Group-3390 — all known to operate in the interest of the Chinese government.

“Overlaps in attacker TTPs across the clusters are evidence of a likely connection between the threat actors, supporting the assessment that each group was tasked with parallel objectives in monitoring the communications of specific high-value targets under the direction of a centralized coordinating body aligned with Chinese state interests.”

The ongoing US-China crisis 

Last month, the US for the first time accused the Chinese government of breaching Microsoft email systems as the Biden administration rallied a broad group of allies to condemn cyberattacks around the world.

While most European nations only accused China of allowing hackers to operate there, the US and Britain blamed the Chinese government directly, detailing the relationship between Chinese intelligence and criminal hacking groups.

China has since denied all allegations, especially on launching a cyber attack against Microsoft, stating they oppose all forms of cybercrime. The recent reports were labeled as political rumors by the Chinese Foreign Ministry. The ministry also urged American security companies to “pay more attention to cyberattacks by U.S. government hackers against China and other countries.”

State-sponsored attacks continue to main concern across the globes as countries continue to point fingers at each other for increasing global cybercrime. The US in particular has been blaming China and Russia for not only protecting cybercriminals but also using them to spy on other countries.

“State-sponsored hackers are also now highly adaptive and work diligently to obscure their activity and maintain persistence on the infected systems. They now dynamically respond to mitigation attempts after having evaded security efforts since at least 2017, an indication that the targets are of great value to the attackers,” the report stated.

While Russian hackers have been accused of ransomware in the US, including the recent Kaseya cyberattack, U.S. security, and intelligence agencies also outlined more than 50 techniques and procedures that Chinese hackers have used against U.S. networks.

For now, it’s unsure which telecommunication companies were affected but the global industry is on a major upgrading phase as telco companies continue their network expansions to support 5G.

---

---

---

---