Government-sponsored: Chinese attackers spy on cellular providers
During an investigation that lasted several months, investigators uncovered a large-scale attack campaign against media companies in Asia.
Targets: Corporations, political figures, government officials, law enforcement agencies, and political activists.
"The attackers acted diligently to obscure their activities"
Yinon Ben Shoshan
Tuesday, 03 August 2021, 13:52 Updated: 15:00
Cyber defense company Cybereason this morning (Tuesday) exposed a Chinese espionage infrastructure targeting cellular providers around the world. The attackers were able to establish themselves in the networks for years and obtain information belonging to millions of subscribers without being exposed.
Since the discovery of the Hafnium attack last March, which exposed vulnerabilities in Microsoft Exchange email servers, Cybereason's research team has been monitoring the activities of the attack group in question to detect further attacks.
During an investigation that lasted several months, the Cybereason team uncovered a large-scale attack campaign against cellular providers in Asia, which had exploited the same security vulnerabilities for years before, in order to obtain information on millions of subscribers.
The Cybereason report also shows that the espionage infrastructure consists of three different attack groups, which sometimes operated in parallel. The attack groups managed to operate without being exposed for years (at least since 2017), and thus managed to steal critical information from servers containing sensitive information of millions of users.
In addition, the clear overlap between the tools and techniques used by the various attack groups indicates that they are Chinese attack groups operating in the interest of the Chinese government.
The groups behind the attacks are reportedly Soft Cell, Naikon and Group-3390. The attack on cellular providers' corporate networks is not accidental.
The espionage infrastructure consists of three different attack groups (Photo: ShutterStock)
Access to the information of millions of users provides an effective intelligence infrastructure in which the Chinese government's targets can be looked up on a daily basis, their Call Detail Records (CDRs) located, and a comprehensive intelligence picture assembled: with whom the targets spoke, at what hours and on which days, and their geographic location at any time.
Based on information from the research on the Soft Cell group, which was first exposed by Cybereason in 2019, and according to other studies on these attack groups, it can be concluded that the stolen information is used for espionage against selected targets. These targets may include corporations, political figures, government officials, law enforcement agencies, and political activists of interest to the Chinese government.
Large-scale attack campaign against cellular providers in Asia (Photo: AP)
"These are alarming attacks because they undermine the security of critical infrastructure providers and reveal the confidential and proprietary information of public and private organizations that depend on secure communications for day-to-day business management," said Lior Div, CEO and founder of Cybereason. For customers of cellular providers, it also has the potential to threaten the security of the countries where the attackers focused and regional instability.
"In the world, and that is in order to maintain organizations in the best possible way," Div added.
Assaf Dahan, head of the cyber threat research group at Cybereason, referred to the attack groups his team investigated for months, explaining that "the attackers acted diligently to obscure their activities, keep a low profile, and evade the security efforts of the cellular providers, all of which indicate that the spy targets have great value to attackers."