Security company Cybereason claimed the systems of at least 10 global telecoms companies have been attacked by hackers, with the breach being linked to the Chinese state.
In a report, the US-Israeli cybersecurity specialist identified “an advanced persistent attack”, dubbed Softcell, which has been active since at least 2017, targeting telecoms providers.
Cybereason declined to provide names of the impacted operators, but told The Wall Street Journal 20 individuals were targeted, consisting of military officials, dissidents, spies and law enforcement, spanning Asia, Europe, Africa and the Middle East.
“The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organisation, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users and more,” read Cybereason’s report.
Cybereason said the attackers sought data belonging “to specific individuals from various countries”, and explained the sophistication of the attack was “usually the work of nation state threat actors”.
“We’ve concluded with a high level of certainty that the threat actor is affiliated with China and is likely state sponsored,” it said, adding that the tools and techniques used were “consistent with several Chinese threat actors”.
The company said the actions resembled those specifically of APT10, a threat actor believed to operate on behalf of the Chinese Ministry of State Security.