Security researchers from cybersecurity firm Cybereason recently disclosed the findings of their investigation into a massive hacking campaign against several global telecommunication companies.
Cybereason stated that the hacking operation, named Operation Soft Cell, compromised companies in more than 30 countries and collected huge amounts of personal data belonging to individuals and companies. The alleged spying operation is believed to be possibly linked to Chinese state actors.
Cybereason is an Israel-based startup founded by former members of the Unit 8200 military intelligence division. Founded in 2012 by Lior Div, Yossi Naar, and Yonatan Striem-Amit, Cybereason develops “military-grade technology” to counter advanced cyber-attacks. Its strategy is based on detecting an attack immediately, identifying one component of it, and using that component as the starting point to seek out the other pieces of information that belong to the same attack.
“In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, such as APT10. This multi-wave attack focused on obtaining data of specific, high-value targets and resulted in a complete takeover of the network,” Cybereason said in a statement.
According to the investigation findings, the hacking campaign spanned seven years and involved the theft of call records from cellular network providers. The hacker group conducted surveillance on targeted individuals working in law enforcement, government, and politics.
“During the persistent attack, the attackers worked in waves – abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques,” Cybereason added.
Describing the espionage as massive in scale, Cybereason’s CEO and co-founder Lior Div said, “This advanced attack used a low-n-slow attack paradigm which circumvents almost all detection capabilities in the market today. This isn’t a smash-and-grab campaign to steal money or social security numbers. These hackers have very specific motives and are running a highly targeted, persistent operation to own the networks and track a very targeted list of high-profile individuals on different continents.”