Hackers have broken into the systems of more than adozen global telecoms companies and taken large amounts of personal andcorporate data, researchers from a cyber security company said on Tuesday,identifying links to previous Chinese cyber-espionage campaigns.
Investigators at U.S.-Israeli cyber security firm Cybereason said the attackers compromised companies in more than 30 countries and aimed to gather information on individuals in government, law-enforcementand politics.
The hackers also used tools linked to other attacks attributed to Beijing by the United States and its Western allies, said LiorDiv, chief executive of Cybereason.
“For this level of sophistication it’s not a criminalgroup. It is a government that has capabilities that can do this kind ofattack,” he told Reuters.
A spokesman for China’s Foreign Ministry said he wasnot aware of the report, but added “we would never allow anyone to engage insuch activities on Chinese soil or using Chinese infrastructure.”
Cybereason declined to name the companies affected orthe countries they operate in, but people familiar with Chinese hacking operations said Beijing was increasingly targeting telcos in Western Europe.
Western countries have moved to call out Beijing forits actions in cyberspace, warning that Chinese hackers have compromised companies and government agencies around the world to steal valuable commercial secrets and personal data for espionage purposes.
Div said this latest campaign, which his team uncovered over the last nine months, compromised the internal IT network ofsome of those targeted, allowing the attackers to customize the infrastructure and steal vast amounts of data.
In some instances, they managed to compromise atarget’s entire active directory, giving them access to every username and password in the organization. They also got hold of personal data, including billing information and call records, Cybereason said in a blog post.
“They built a perfect espionage environment,” saidDiv, a former commander in Israel’s military intelligence unit 8200. “Theycould grab information as they please on the targets that they are interestedin.”
Cybereason said multiple tools used by the attackers had previously been used by a Chinese hacking group known as APT10.
The United States indicted two alleged members of APT10 in December and joined other Western countries in denouncing the group’sattacks on global technology service providers to steal intellectual property from their clients.
The company said on previous occasions it hadidentified attacks it suspected had come from China or Iran but it was nevercertain enough to name these countries.
Cybereason said: “This time as opposed to in the pastwe are sure enough to say that the attack originated in China.”
ADVERTISEMENT
“We managed to find not just one piece of software, wemanaged to find more than five different tools that this specific group used,”Div said.
(Published by Reuters,JUNE 25, 2019)
__________