About
Subscribe
  • Home
  • /
  • Security
  • /
  • Chinese group targeted high-profile telco customers

Chinese group targeted high-profile telco customers

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 01 Jul 2019

Chinese threat actors have breached and occupied the networks of 10 major global telecommunications providers, using their access to target “highly influential individuals”, says Cybereason, a provider detection and response software, which caught the attacker red handed in the of a new telecoms customer.

We believe the threat actor group is the Chinese group APT10 but no one can ever be 100% certain, said Amit Serper, principle security researcher at Cybereason. “While there are strong indications this is the group, it could very well be another group masquerading as APT10.”

According to him, 10 telecommunications companies have been victims so far. “Our investigation started one year ago when we were hired by a telecommunications provider that suspected it had been breached. As our investigation into that breach widened, we discovered that it was in fact 10 providers who were affected, with nearly one billion customers between them, across Europe, Africa, Asia and the Middle East.”

Serper says the attackers were in the networks for at least two years, and were after call data records (CDR) information on a highly targeted group of individuals. “Less than 30 people were targeted but they collected hundreds of Gigabytes of data on these individuals.”

Intimate knowledge of the targets

He says CDR info is very valuable. “It is a large subset of metadata that contains all the details of cellular calls, such as source, destination and call duration, device details, physical location and device vendor and version. The nation state hackers had intimate knowledge of any individual they wanted to on the network.”

They knew who the individuals were talking to, what devices the individuals are using, where the individuals are traveling and their exact location, he adds. “If someone was at a restaurant for dinner, they knew it. If they traveled from one country to another from the US to Africa or Asia, they knew it.”

Serper says Cybereason does not know who the targeted individuals were, but believes this operation is an intelligence gathering mission and there is a very strong likelihood that highly influential people are the targets.

Share