Cybereason, an Israeli-US security firm based in Boston, has said that nation-state hackers compromised the systems of as many as ten cellular carriers worldwide to steal the metadata of particular users. The company, without naming anyone, claims that both the targeted users and the attackers are based in China.

The campaign is labeled Operation Softcell and is viewed as a relatively sophisticated, large-scale espionage effort bearing all the hallmarks of Chinese state-sponsored hackers. The carriers affected in this attack are located in the Middle East, Asia, Africa, and Europe. Astonishingly, US and North American carriers have not been targeted so far.

The company released a report in which the attack was labeled as an “advanced, persistent attack,” and a “game of cat and mouse between the threat actor and the defenders.” The threat actors have acquired data of customers since 2012.

The threat actor appears to want to steal all of the data stored in Active Directory and compromise every “username and password in the organization along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more,” Cybereason stated in its blog post.

So far, the attackers have taken control of and stolen hundreds of gigabytes of customer data, which makes this a huge data breach, and it is still active. Whenever the attack on the database and billing servers and on Active Directory was noticed, the attacker(s) paused the attack and resumed it after some time.

Cybereason first noticed the intrusion in 2018, but the firm believes that the campaign has been active since at least 2017.

Amit Serper, head of security research at Cybereason, says that the hackers accumulated a huge range of usernames and passwords and obtained a variety of domain privileges, escalating their privileges on not one but multiple devices.

The firm’s researchers say they first spotted the intrusion in a customer’s network a year ago, with indications that the intruders had been present for at least another year, dating the campaign back to 2017.
