Chinese Hackers Linked to Global Attacks on Telcos

TechNewsWorld, June 26, 2019, with comments by Satya Gupta

While all manner of PII is stolen, telcos seem indifferent to the threat

Telecommunication companies (telcos) around the world are being victimized by a series of cyberattacks, and experts see tell-tale signs that the hackers are Chinese. The campaign, known as “Operation Soft Cell,” has been going on since at least 2012. So far, the telcos targeted have been outside North America.
Boston-based Cybereason has conducted research on the attacks.

The attackers’ primary goal is to steal Active Directory data along with usernames, passwords and personally identifiable information (PII). The data taken includes call records, billing info, credentials, email servers, user geo-location and more. The researchers identified the tools used, including the PoisonIvy RAT. Based on the recognizable tools and techniques, they concluded the attack was likely carried out by APT10, a group of Chinese hackers notorious for these kinds of attacks.

APT10 is also known to the US Justice Department, which last year indicted two of its members for computer intrusions, fraud conspiracies and aggravated identity theft.

Using the PoisonIvy RAT, Chinese Hackers Sustained the Attack for Months

The group left signs of its involvement, such as unique breadcrumbs and the custom way it used the PoisonIvy RAT. The telcos were under attack for many months, during which the hackers compromised data ranging from credentials to critical assets – domain controllers, and production and database servers.

The impact of the damage is far-reaching. It is damaging to the users whose data is stolen, and it is also harmful to the telcos, which become vulnerable to further hacker threats and control. Telcos are now part of the infrastructure of world governments and authorities. Any telco network under the control of a hacker entity, especially a nation-state, poses grave risk to multiple parties: individuals, nations and the international community.

Large Companies Are Largely Ignoring These Threats

These attacks are incredibly serious, yet the targeted companies aren’t taking the threats seriously. The attacks themselves, though successful, were not especially sophisticated, nor did they use any new or “zero-day” methods. Operation Soft Cell relied on known attack methods, ones that these big companies should have been able to defend against.

These companies manage our data, which is in their possession 24/7. Protecting it from theft and other forms of sabotage should be at the top of their list of priorities. But it’s not. It’s a scenario we see again and again.

Campaigns like Operation Soft Cell are likely to continue without abatement, noted Satya Gupta, CTO of Virsec, an application security company in San Jose, California.

"These attacks will continue for the foreseeable future, as long as there is political tension and unrest in any number of regions," he told TechNewsWorld. "Infrastructure attacks on all sides are trying to sow uncertainty, which has both political and financial value to the perpetrators."

For now, China appears to be keeping its hacking focus on espionage. Every nation-state conducts such activity. But one day that focus could change, to the detriment of everyone.

Read the full article, Chinese Hackers Linked to Global Attacks on Telcos, on TechNewsWorld.

Further resources:

Chinese Hacking Group Used Stolen NSA Hacking Tools Ahead of Shadow Brokers’ Leaks

GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure

Critical infrastructures for ICS security and ICS SCADA security will have to operate whether or not there is malware on them

White paper: Deterministic Protection Against Fileless and Memory-Based Attacks