Hackers hit global telcos in espionage campaign: cyber research firm

[snoop1130]

Hackers hit global telcos in espionage campaign: cyber research firm

by Ari Rabinovitch, Tova Cohen

 

FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

 

TEL AVIV (Reuters) - Hackers have broken into the systems of more than a dozen global telecoms companies and taken large amounts of personal and corporate data, researchers from a cyber security company said on Tuesday, identifying links to previous Chinese cyber-espionage campaigns.

 

Investigators at U.S.-Israeli cyber security firm Cybereason said the attackers compromised companies in more than 30 countries and aimed to gather information on individuals in government, law-enforcement and politics.

 

The hackers also used tools linked to other attacks attributed to Beijing by the United States and its Western allies, said Lior Div, chief executive of Cybereason.

 

“For this level of sophistication it’s not a criminal group. It is a government that has capabilities that can do this kind of attack,” he told Reuters.

 

A spokesman for China’s Foreign Ministry said he was not aware of the report, but added “we would never allow anyone to engage in such activities on Chinese soil or using Chinese infrastructure.”

 

Cybereason declined to name the companies affected or the countries they operate in, but people familiar with Chinese hacking operations said Beijing was increasingly targeting telcos in Western Europe.

 

Western countries have moved to call out Beijing for its actions in cyberspace, warning that Chinese hackers have compromised companies and government agencies around the world to steal valuable commercial secrets and personal data for espionage purposes.

 

Div said this latest campaign, which his team uncovered over the last nine months, compromised the internal IT network of some of those targeted, allowing the attackers to customize the infrastructure and steal vast amounts of data.

 

In some instances, they managed to compromise a target’s entire active directory, giving them access to every username and password in the organization. They also got hold of personal data, including billing information and call records, Cybereason said in a blog post.

 

“They built a perfect espionage environment,” said Div, a former commander in Israel’s military intelligence unit 8200. “They could grab information as they please on the targets that they are interested in.”

 

Cybereason said multiple tools used by the attackers had previously been used by a Chinese hacking group known as APT10.

 

The United States indicted two alleged members of APT10 in December and joined other Western countries in denouncing the group’s attacks on global technology service providers to steal intellectual property from their clients.

 

The company said on previous occasions it had identified attacks it suspected had come from China or Iran but it was never certain enough to name these countries.

 

Cybereason said: “This time as opposed to in the past we are sure enough to say that the attack originated in China.”

 

“We managed to find not just one piece of software, we managed to find more than five different tools that this specific group used,” Div said.

 

-- © Copyright Reuters 2019-06-25

Follow Thaivisa on LINE for breaking Thailand news and visa info

[Basil B]

Iranians?

 

Hitting back, proving they can do it too.

[Morch]

2 hours ago, Basil B said:

Iranians?

 

Hitting back, proving they can do it too.

 

From the OP:

 

Quote

Cybereason said: “This time as opposed to in the past we are sure enough to say that the attack originated in China.” 

 

[from the home of CC]

Florida paid over half a million dollars to hackers who put ransom ware on their systems last week.

[Srikcir]

11 hours ago, Morch said:

 

From the OP:

 

 

Retribution over U.S. banning Huawei commercial operations in the U.S. and extradition request of Huawei's CFO Meng from Canada?

[Morch]

1 minute ago, Srikcir said:

Retribution over U.S. banning Huawei commercial operations in the U.S. and extradition request of Huawei's CFO Meng from Canada?

 

Seems like a very long-term, patient operation. Some reports suggest spanning 7 years. Long before current issues came up.

[Trouble]

Anyone that doesn't think China is a threat has got their head buried deep in the sand.  China's activities in business, South China Sea, trade, and all other sectors are blatantly done to further China's own ambitions. The Communist government since Mao has never kept an agreement or told the truth about anything. But the world keeps doing business with them.  Money talks.  

[SpaceKadet]

Yeah, and you just wait until Huawei takes over the worlds 5G networks with their stolen technology.

There is a reason being the cheapest provider...

[observer90210]

Oh dear !!...my phone is hacked and now the Chinese have the details of all the hookers and others I called over my place for some bunga-bunga time

[bendejo]

On 6/25/2019 at 7:07 AM, Morch said:

On 6/25/2019 at 4:43 AM, Basil B said:

Iranians?

 

Hitting back, proving they can do it too.

 

From the OP:

 

Quote

Cybereason said: “This time as opposed to in the past we are sure enough to say that the attack originated in China.” 

 

Sometimes friends do favors for friends.  Old saying: "the enemy of my enemy is my friend."

 

 

 

[Morch]

5 hours ago, bendejo said:

 

Sometimes friends do favors for friends.  Old saying: "the enemy of my enemy is my friend."

 

 

 

 

I don't think the Chinese are that close to the Iranians. And as said above, there are reports this operation was carried out for several years - well before the current crisis materialized. Also, without knowing that the firms targeted are associated with Iran's interests, such assumptions got little to rely on.