Hackers ‘linked to China’ have attacked telecom firms in over 30 countries for years, researchers find

Hackers, believed to be backed by the Chinese government, have broken into the systems of more than a dozen global telecom companies in over 30 countries and stolen large amounts of personal and corporate data “since at least 2017”, according to research conducted by US-Israeli cyber security firm Cybereason. The multi-wave campaign, which is ongoing, focuses on obtaining data of specific, high-value targets and has resulted in a complete takeover of networks. It mainly seeks to obtain CDR data (call logs, cell tower locations, etc.) of specific individuals from various countries. Cybereason said it first identified the attacks earlier this year. It declined to name the individuals or the telecom firms, citing privacy concerns, but warned that though the campaign is targeted at specific individuals, any entity that has the power to take over the networks of telecom providers can potentially use it to shut down or disrupt an entire cellular network as part of a larger cyber warfare operation.

‘Tools and methods consistent with those of Chinese actors’

This type of targeted cyber espionage, the firm said, was usually the work of nation state actors. It said it had concluded with a “high level of certainty” that the hackers in this case are affiliated with China and that the operation is likely state-sponsored because the tools and methods used were consistent with those of several Chinese “threat actors”, specifically with APT10, which is believed to operate on behalf of the Chinese Ministry of State Security (MSS). It said the attackers worked in waves — abandoning one thread of attack when it was detected and stopped, before returning to it months later with new tools and methods. While it could not entirely rule out a “copy-cat” scenario, where another actor might masquerade as APT10 to thwart investigators, “we find this option to be less likely in light of our analysis of the data”, Cybereason said.

Cybereason’s security recommendations

Cybereason recommended that telcos adopt the following measures to thwart attacks on their systems:

  • Add an additional security layer for web servers. For example, use WAF (Web Application Firewall) to prevent trivial attacks on Internet-facing web servers.
  • Expose as few systems or ports to the internet as possible. Make sure that all web servers and web services that are exposed are patched.
  • Use an EDR tool to give visibility and immediate-response capabilities when high-severity incidents are detected.
  • Proactively hunt in your environment for sensitive assets periodically.

US indicted two alleged APT10 members in December

The latest cyberoffensive puts the spotlight back on APT10 after two of its alleged members — Zhu Hua and Zhang Shilong — were indicted by the US Department of Justice in December in connection with cyberattacks and intellectual property (IP) theft, including conspiracy to commit computer intrusions, conspiracy to commit wire fraud and aggravated identity theft. The DoJ said the two worked for a company in China called Huaying Haitai Science and Technology Development Company and acted in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau. It said that APT10 had begun the attacks in 2006, targeting “more than 45 technology companies in at least a dozen US states and US government agencies”. Then, in 2014, the group began targeting managed service providers (MSPs) in 12 countries, rather than attacking organisations directly.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
