US cyber security vendor Cybereason says it has uncovered ‘a worldwide campaign against telecommunications providers’ that it reckons involves the Chinese state.
The findings were published in a blog today, but the malicious activity was first discovered last year and seems to have been going on since 2017. The blog talks of ‘an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with the Chinese-affiliated threat actor APT10.’
The purpose of the attacks seems to have been to hack into mobile phone networks in order to obtain the CDRs (call detail records) of certain specific people, presumably of political or commercial interest. These CDRs provide a fairly detailed account of an individual’s activities since they offer a lot of geographical information.
The main investigation seemed to focus on one telco client, but according to an interview the researchers did with TechCrunch, at least ten other networks around the world have been subjected to similar attacks over the past seven years. They added that the attacks seem aimed at targeted individuals, but declined to name them.
“We’ve concluded with a high level of certainty that the threat actor is affiliated with China and is likely state sponsored,” said the Cybereason blog. “The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10, a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS).”
Presumed malevolent intent by the Chinese state is at the core of much of the aggro Huawei has been dealing with this year, and this sort of thing will serve to entrench those presumptions. As ever with espionage, it’s very unlikely any ‘smoking gun’ evidence will ever be produced, but the circumstantial evidence is being served up on a regular basis.