wordpress blog stats
Connect with us

Hi, what are you looking for?

Hackers ‘linked to China’ have attacked telecom firms in over 30 countries for years, researchers find

hacking

Hackers, believed to be backed by the Chinese government, have broken into the systems of more than a dozen global telecom companies in over 30 countries and stolen large amounts of personal and corporate data “since at least 2017”, according to research conducted by US-Israeli cyber security firm Cybereason. The multi-wave campaign, which is ongoing, focuses on obtaining data of specific, high-value targets and has resulted in a complete takeover of networks. It mainly seeks to obtain CDR data (call logs, cell tower locations, etc.) of specific individuals from various countries. Cybereason said it first identified the attacks earlier this year. It declined to name the individuals or the telecom firms, citing privacy concerns, but warned that though the campaign is targeted at specific individuals, any entity that has the power to take over the networks of telecom providers can potentially use it to shut down or disrupt an entire cellular network as part of a larger cyber warfare operation.

‘Tools and methods consistent with those of Chinese actors’

This type of targeted cyber espionage, the firm said, was usually the work of nation state actors. It said it had concluded with a “high level of certainty” that the hackers in this case are affiliated with China and that the operation is likely state-sponsored because the tools and methods used were consistent with those of several Chinese “threat actors”,  specifically with APT10, which is believed to operate on behalf of the Chinese Ministry of State Security (MSS). It said the attackers worked in waves — abandoning one thread of attack when it was detected and stopped, before returning to it months later with new tools and methods. While it could not entirely rule out a “copy-cat” scenario, where another actor might masquerade as APT10 to thwart investigators, “we find this option to be less likely in light of our analysis of the data”, Cybereason said.

Cybereason’s security recommendations

Cybereason recommended that telcos adopt the following measures to thwart attacks on their systems:

  • Add an additional security layer for web servers. For example, use WAF (Web Application FW) to prevent trivial attacks on Internet-facing web servers.
  • Expose as few systems or ports to the internet as possible. Make sure that all web servers and web services that are exposed are patched.
  • Use an EDR tool to give visibility and immediate-response capabilities when high-severity incidents are detected.
    Proactively hunt in your environment for sensitive assets periodically.

US indicted two alleged APT10 members in December

The latest cyberoffensive puts the spotlight back on APT10 after two of its alleged members — Zhu Hua and Zhang Shilong — were indicted by the US Department of Justice in December in connection with cyberattacks and intellectual property (IP) theft, including conspiracy to commit computer intrusions, conspiracy to commit wire fraud and aggravated identity theft. The DoJ said the two worked for a company in China called Huaying Haitai Science and Technology Development Company and acted in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau. It said that APT10 had begun the attacks in 2006, targeting “more than 45 technology companies in at least a dozen US states and US government agencies”. Then, in 2014, the group began targeting managed service providers (MSPs) in 12 countries, rather than attacking organisations directly.

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The industry's growth is being weighed down by taxation and legal uncertainty.

News

Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.

News

Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

News

This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.

News

It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ