Following a nearly year-long cyber investigation, US-Israeli cyber firm Cybereason announced on June 25 that a number of “state-sponsored adversaries” had been utilizing private infrastructure companies around the world to carry out “state-sponsored espionage and cyber war.”
The investigation found that hackers were able to infiltrate cellular providers’ IT networks and lift a number of records, including usernames, passwords, billing information and call records. According to the Times of Israel, targeted persons included individuals in government positions, law enforcement and politics.
“This isn’t one breach, but a series of sophisticated and targeted breaches. What is really troubling is this is an example of being hacked and not knowing it because the victims aren’t aware and have no way to trace the attack,” Mor Levi, Cybereason’s vice president of global security services, said in the release.
With said information, Cybereason claims hackers could even track the so-called high-profile individuals’ meetings, mobile messages and active locations. Though only a select few are said to be targets of the attack, entire directories of information and credentials were allegedly stolen in these attacks.
The US-Israeli cybersecurity company claims China’s government may be behind the series of attacks, as the unknown hackers’ tactics, techniques and procedures (TTP) can be traced back to APT10, a Chinese cyberespionage group.
“There’s an asterisk, though,” Amit Serper, head of Cybereason’s Nocturnus security research team, told SC Media. “All the tools are associated with APT10, but since they are all available online, someone else can get them, modify them and pretend to be APT10.”
Lior Div, the US-Israeli firm’s CEO, addressed the heads of both the UK and US cyber intelligence organizations, as well as Mossad Director Yossi Cohen, during Tel Aviv’s Cyber Week Conference on Tuesday and explained his company’s findings.
“Right now we’re still tracking them,” Reuters quotes the executive as saying. “On Saturday we debriefed more than 25 different telcos [telecommunications companies], the biggest telcos in the world.”
Cybereason has remained tight-lipped about the countries and particular individuals affected by the series of breaches.
The report comes nearly six months after the US indicted two Chinese nationals on charges of “conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft.” According to a release from the US Department of Justice, both Zhu Hua and Zhang Shilong were members of APT10.