A group of state-backed hackers with potential ties to China hit global telecommunications providers in an advanced, multiyear espionage campaign to obtain large amounts of data on high-profile individuals, according to a report released Tuesday from cybersecurity firm Cybereason.
The hackers’ goal appeared to be access to call detail records, which are held by telecom companies and provide a massive trove of metadata logs. The logs contain specific call details including device details, physical location of the device, and source, destination and duration of the call.
The ongoing operation was uncovered by Cybereason last year, but has been active since at least 2017, with evidence suggesting even earlier activity against cell network providers.
TechCrunch reports hackers infiltrated more than 10 cell networks in multiple countries around the world. The research firm said it has not yet seen the attacks target North American-based providers, but the situation remains “fluid,” according to TechCrunch.
Cybereason did not identify which companies or individuals were hit by the attacks, but company Chief Executive Lior Div told the Associated Press that hackers were able to extract data of about 20 customers who he described as mainly from the political and military world.
“We never heard of this kind of mass-scale espionage ability to track any persona across different countries,” Div said in an interview with The Wall Street Journal.
However, since the individuals’ devices weren’t directly targeted, they may never be aware of the surveillance, according to Div.
“Those individuals don’t know they were hacked—because they weren’t,” Div told the Associated Press.
The type of information sought in the attacks is usually linked to the work of state-backed actors, according to Cybereason. The firm said tools and technique used in the attacks were consistent with those employed by APT10, a hacker group thought to be backed by China.
“We’ve concluded with a high level of certainty that the threat actor is affiliated with China and is likely state sponsored,” the researchers wrote Tuesday.
However in an interviews with multiple outlets Div left open the possibility of the hackers purposely trying to implicate APT10, telling TechCrunch it was either the group “or someone that wants us to go public and say it’s [APT10].
China has consistently denied backing cybersecurity attacks against other countries.
One aspect of the hackers’ techniques Cybereason called notable, was that the group used mostly known tools that were customized for the specific attack—though new, unknown tools were also employed later once the operation was discovered.
During the massive campaign hackers gained the ability to move freely through telecom carriers’ systems, in some cases using administrator accounts and virtual private networks (VPNs) to disguise their activity and appear as employees, according to the WSJ.
“It’s important to keep in mind that even though the attacks targeted specific individuals, any entity that possesses the power to take over the networks of telecommunications providers can potentially leverage its unlawful access and control of the network to shut down or disrupt an entire cellular network as part of a larger cyber warfare operation,” the researchers wrote.
Tensions have risen between China and the U.S. in the midst of the countries’ ongoing trade dispute, and national security has been a top concern as the U.S. rolls out 5G networks. The Trump administration has taken steps to keep telecom equipment gear from companies thought to pose a security threat out of the country’s next-generation 5G networks, including equipment from Chinese tech giant Huawei.
The Federal Communications Commission in May rejected China Mobile’s application to provide telecom services in the U.S., saying the company’s state ownership structure could leave it vulnerable to engage in espionage and other threatening activity.
Just this week, news reports indicated the U.S. is considering a domestic ban on all 5G equipment designed and manufactured in China, including gear from vendors Ericsson and Nokia.