According to new security research, a mysterious group of hackers has quietly broken into the computer networks of telecommunications companies globally.
Buried deep in mobile infrastructure around the world, hackers are able to spy on anyone whose device connects to these networks, according to cybersecurity firm Crowdstrike.
But little is known about the hackers other than what experts have been able to observe first-hand: that the group is highly sophisticated, has been active since 2016, develops its own custom hacking tools, and has in-depth knowledge of the sector it targets.
What information the hackers can glean from these networks “aligns with information that could be of significant interest to signals intelligence organizations,” Crowdstrike said, but who the group works for remains a mystery, although there are several clues.
Adam Meyers, who leads Crowdstrike’s threat intelligence team, noted the differences between the mysterious group’s hack and recent stories about NSO Group’s spyware tools.
In reports earlier this year, the private company was accused of helping despotic regimes target the phones of politicians, journalists, political dissidents and human rights activists.
Mr Meyers explained: “The key takeaway here is that these hackers don’t need to hack into your mobile device… what’s so amazing here is that they can do it from the carrier.”
“They don’t have to hack into your phone, they hack into cell phone providers all over the world,” he said.
So little is known about the group that it is not tracked as a separate entity per se, but rather as a cluster of intrusion activity called LightBasin, in which the same types of businesses were hacked in the same way.
But some clues have emerged, according to Crowdstrike, which found that data sent between a remote server and the compromised networks was encrypted with a password that researchers could read in the code of the hacking tools.
This password was a Chinese phrase, “wuxianpinggu507”, which the company translated as “507 wireless assessment”. But Crowdstrike warned that use of this phrase only indicates that the developer of the tool had some knowledge of the Chinese language; it is not a basis for asserting Beijing’s involvement.
The company assessed that LightBasin activity appears to work in favor of several groups that Crowdstrike has confidently attributed to Chinese government sponsorship, but its attribution standards are high and there is not enough evidence to support a similar attribution for LightBasin.
Mr Meyers said: “It’s important for us to be responsible in how we talk about things like this. We don’t take it lightly when we say there is a global campaign targeting telecommunications, and that it has very specialized tools intended to take advantage of mobile infrastructures.
“We don’t want to throw things out there unless we have some degree of confidence,” he said.