Chinese spy group targeting global communications
According to CrowdStrike research, a Chinese spy organization has successfully hacked parts of the World Wide Web, which in some cases provided access to subscriber information, call metadata, text messages and other data.
The US cybersecurity firm said the spying organization infiltrated cellular networks around the world and used special tools to obtain call recordings and text messages from telecom companies.
The study found that at least 13 telecom companies were hacked by the organization in 2019.
CrowdStrike said the organization, called LightBasin, has been in operation since at least 2016 but was only recently discovered.
The report shows how the team has developed highly customized tools and deep knowledge of global telecommunication network architectures that can simulate network protocols to enable digitization and the retrieval of highly specific information from the infrastructure.
The nature of the targeted data corresponds to information that is potentially important to intelligence operations.
Telecom companies have always been the primary target of nation states. Attacks or attempts by China, Russia, Iran and other countries are common.
The US also wants access to call logs that show which numbers are called, how often and for how long.
CrowdStrike collects information by responding to incidents in multiple countries. It released technical details so other companies can investigate similar attacks.
LightBasin can unobtrusively retrieve certain data. The company did not accuse the Chinese government of leading the hacking organization's attacks.
However, there are links between these attacks and China, including a hardware key in a particular tool, which indicates that the developer has some knowledge of Chinese.
The encoding of the tool is based on the Pinyin system of Chinese characters. And to replicate technology that has been attacked before by the Chinese government.
The report mentions the dangers of electronic espionage
The US Network and Infrastructure Security Agency announced that it is aware of the CrowdStrike report and continues to work closely with US telecom companies.
This report reflects the current cybersecurity risks facing companies, large and small, and the need for coordinated action.
Protection steps include implementing multi-factor authentication, applying patches, updating software, deploying threat detection capabilities, and maintaining an incident response plan.
The results highlight the weakness of the main network, which is the backbone of communication. This explains the growing need for strong end-to-end encryption that no network, and no one with access to these networks, can decrypt.