A US-Israeli cybersecurity firm said Tuesday it had uncovered a massive hack of several global telecommunications companies involving the theft of vast amounts of personal data that was apparently carried out by state-backed actors in China.
Cybereason, which is based in Boston and has offices in Tel Aviv, London, and Tokyo, said the hacking included the specific targeting of people working in government, law enforcement and politics.
The company said in a statement it had found a “nation state-backed operation against multiple cellular providers that has been underway for years.”
“The tools and TTPs (tactics, techniques and procedures) involved in this operation indicate that the nation state attackers may be from China,” the company said, dubbing the investigation “Operation Soft Cell.”
Hackers engaged in “espionage and a web of theft targeting specific individuals on different continents likely working in government, law enforcement and politics,” Cybereason said.
“The ongoing, active nine-month investigation shows how nation-state adversaries, likely sponsored by the Chinese government, have taken over the IT networks of many cellular providers resulting in the theft of hundreds of gigabytes of data,” the statement said.
Hackers “completely took over the IT network and were able to customize the IT infrastructure for their convenience” in order to pull out “complete active directory databases, compromising every single username and password in these organizations.”
“In addition, other personally identifiable information such as billing data, call detail records, credentials, email servers were stolen,” the company said.
Cybereason did not release a list of the companies it believes were targeted in the hack.
“The operation against telecommunications companies is at a massive scale,” said Lior Div, Cybereason’s CEO and co-founder. “This isn’t a smash and grab campaign to steal money or social security numbers.”
“These hackers have very specific motives and are running a highly targeted, persistent operation to own the networks and track a very targeted list of individuals on different continents,” continued Div, a veteran of the Israeli army’s elite 8200 cyber unit.
“This isn’t one breach but a series of sophisticated and targeted breaches,” said Amit Serper, senior director and head of security research at Cybereason. “The hackers have stolen hundreds of gigabytes of information and have access to geolocation information on individuals, knowing their exact movements by day and night. If the individuals travel overseas, the hackers know it. If the person is attending a concert, the hackers know it and they can use this information to identify a convenient time in operations and campaigns they are carrying out.”
Western nations, and in particular the US and Britain, have accused China of large-scale hacking operations aimed at pilfering vast amounts of data including trade secrets and scientific information as well as private details of citizens.
In December, US authorities indicted two alleged Chinese hackers said to have acted on behalf of Beijing’s main intelligence agency to steal trade secrets and other information from government agencies and a who’s who of major corporations in the United States and nearly a dozen other nations. Targeted nations named in the US indictment include Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland and the United Arab Emirates.
The developments coincided with an announcement by Britain blaming China’s Ministry of State Security for trade-secret pilfering affecting Western nations.
Britain’s Foreign Office at the time accused Chinese elite hackers of conducting a “widespread and significant” campaign of cyberespionage against the United Kingdom and its allies.