For a few years now, high-ranking US intelligence officials have warned that Huawei is a security threat for America and its allies. Its networking equipment can allegedly be used for spying operations against the West, and Huawei has been contesting these reports for as many years. However, these security concerns are the basis of the recent bans against the Chinese conglomerate. The company can’t do business with US companies, and it can’t provide telecom equipment in the US. Add to that the complex US-China trade war, and it’s easy to see why Huawei has been in the spotlight lately.
But just as Huawei is trying to fix these issues and improve its image in dealings with other countries, a scathing report from a cybersecurity company tells us that a group of hackers tied to the Chinese government has been hacking more than a dozen global telecommunication companies for years, and stealing large amounts of personal and corporate data. The report doesn’t implicate Huawei in any way but makes it clear that a nation-state is responsible for the cyber heist, with China being the likeliest candidate.
Cybereason says the attackers compromised companies in more than 30 countries over the past few years with sophisticated attacks that were aimed at obtaining permanent access to data, copying personal data, and avoiding detection, Reuters reports. These attacks occurred in stages, with the hackers changing strategies for different missions and adapting to avoid being discovered by cybersecurity teams.
“For this level of sophistication, it’s not a criminal group. It is a government that has capabilities that can do this kind of attack,” Cybereason CEO Lior Div said. “They built a perfect espionage environment,” the exec added. “They could grab information as they please on the targets that they are interested in.”
The security company did not name the carriers that were affected or the countries they operate in, but Reuters says people familiar with Chinese hacking operations claim Beijing was increasingly targeting telcos in Western Europe.
The object of the “Operation Soft Cell” hacks was to steal data related to the calls that certain targets may have made. The data includes device details, physical locations, device vendors and versions, as well as the sources, destinations, and durations of calls, as Cybereason explains in a blog post.
The fact that the hackers weren’t looking to steal money is an indication that it’s the kind of cyber attack a nation-state would pull off.
And the hackers were able to extract quite a lot of data. In some cases, they compromised the target’s entire active directory, which means “compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more.”
Cybereason says hacking group APT10, associated with the Chinese government, is the likely culprit behind the hack. Meanwhile, China has denied everything. A spokesman for the Foreign Ministry said that he was not aware of the report, adding that “we would never allow anyone to engage in such activities on Chinese soil or using Chinese infrastructure.”