A Chinese spy group has successfully hacked parts of the World Wide Web, allowing in some cases access to subscriber information, call metadata, text messages and other data, according to research by CrowdStrike.
The US cybersecurity company said the spy group penetrated mobile phone networks around the world and used specialized tools to obtain call logs and text messages from telecom companies.
The research identified 13 telecom companies as having been hacked by the group dating back to at least 2019.
CrowdStrike said the group, which it calls LightBasin, has been in operation since at least 2016 but was only discovered recently.
The report shows how the group has developed highly customized tools and a precise working knowledge of global telecom network architectures; its tools can emulate telecom network protocols, allowing it to scan for and retrieve highly specific information from mobile infrastructure.
The nature of the targeted data is consistent with information that is potentially of significant importance to intelligence operations.
Telecom companies have long been a prime target of nation-states, with attacks or attempts from China, Russia, Iran and others seen.
The US is also seeking access to call logs, which show which numbers called each other, how often, and for how long.
CrowdStrike collected information by responding to incidents in several countries. It published technical details to allow other companies to check for similar attacks.
LightBasin's tools can retrieve specific data unobtrusively. The company did not accuse the Chinese government of directing the group's attacks.
But the attacks have links to China, including a hard-coded key inside one of the tools that indicates the developer has some knowledge of Chinese.
The encoding within the tools is based on the Pinyin phonetic system for Chinese characters, and the group used techniques seen in previous attacks attributed to the Chinese government.
The report mentions the dangers of electronic espionage
The US Cybersecurity and Infrastructure Security Agency said it is aware of the CrowdStrike report and continues to work closely with US telecom companies.
This report reflects the ongoing cybersecurity risks facing organizations large and small and the need for coordinated action.
Protection steps include implementing multi-factor authentication, patching, updating software, deploying threat detection capabilities, and maintaining an incident response plan.
The results underscore the vulnerability of the major networks that form the backbone of communications, and they help explain the growing demand for strong end-to-end encryption that the networks, and anyone with access to them, cannot decrypt.