Nation-state hackers launch massive attack on mobile networks

China is believed to be behind the years-long hack that allowed it know everything about the victims

Mobile network hack

Security researchers have uncovered a cyber espionage campaign dating back to 2017, with evidence suggesting it could have been earlier, which involved the hacking of 10 mobile network operators (MNOs) and invisibly tracking their users for months on end.

In the report published by Cybereason, researchers said that hackers were able to exfiltrate all raw data received and transmitted from a user's phone, allowing them to track a person's location and steal personally identifying information including login credentials, call records, billing information and more.

The hackers assumed control of an MNO by first exploiting a vulnerability in an internet-connected web server and using that to work their way into the network. They then moved laterally, exploiting each machine by stealing credentials using a Mimikatz variant until they assumed control of the domain controller which granted full access to the network with high privileges.

The hackers then created a string of accounts from which they launched malicious code. They were able to track an MNO's users without detection and without needing to distribute any malware to the user's device, resulting in them knowing everything about a user without actually hacking them.

Cybereason said this type of attack on MNOs, which form part of a nation's critical infrastructure due to our dependence on the technology, can usually be attributed to a nation-state.

A UK parliamentary committee of MPs and Lords said late last year that it's "impossible" to protect critical infrastructure from cyber attacks like WannaCry; mitigation is fast becoming the only method of protection.

"The threat actor mainly sought to obtain CDR data (call logs, cell tower locations, etc.) belonging to specific individuals from various countries," the report said. "This type of targeted cyber espionage is usually the work of nation state threat actors."

It said nearly a quarter of all critical infrastructure organisations have been hit by nation-state attacks and believe that this is no exception.

"We've concluded with a high level of certainty that the threat actor is affiliated with China and is likely state sponsored," read the report. "The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10, a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS)."

"There are multiple indicators that suggest that this campaign is a Chinese threat actor. Not just the RAT, but additional tools which can be attributed to a specific group called APT 10," said Mor Levi, vice president, global security practice at Cybereason. "A disclaimer to this is that those tools were leaked a few years ago, and anyone with a little bit of effort can "get their hands on those tools" and make it look like APT 10 is behind that."

The exfiltrated data of call detail records (CDRs) is some of the most valuable available to a nation-state, according to Cybereason.

While many hackers set their sights on large organisations for financial reward, having mountains of CDRs enables a nation-state to understand who an individual is speaking to, where they're travelling and what devices they're using.

This becomes especially useful when targeting high-value individuals such as intelligence officers, politicians or members of law enforcement agencies.

"This attack has widespread implications, not just for individuals, but also for organizations and countries alike," said the report. "This is another form of cyber warfare being used to establish a foothold and gather information undercover until they are ready to strike."

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

What is cyber warfare?
Security

What is cyber warfare?

22 Sep 2020
What is shoulder surfing?
Security

What is shoulder surfing?

19 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020
Microsoft releases two emergency Windows patches
Security

Microsoft releases two emergency Windows patches

19 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
How to wipe a laptop easily and securely
Security

How to wipe a laptop easily and securely

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020