Chinese hacking groups have compromised global telecommunications companies by stealing phone records and location data, cybersecurity researchers said.
The hacking groups waged a campaign from 2017 to 2021, in some cases exploiting security vulnerabilities in Microsoft Corp’s Exchange servers to gain access to telecommunication companies’ internal systems, according to a new report published on Tuesday by US-based security firm Cybereason Inc.
The report did not name any telecom firms, while a response from Cybereason on any impact in India is awaited. However, the firm said the attacks were primarily across Southeast Asian countries.
“Based on our analysis, we assess that the goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunication providers and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets such as the billing servers that contain Call Detail Record (CDR) data, as well as key network components such as the Domain Controllers, Web Servers and Microsoft Exchange servers,” Cybereason Inc said in a statement.
“The highly adaptive attackers worked diligently to obscure their activity and maintain persistence on the infected systems, dynamically responding to mitigation attempts after having evaded security efforts since at least 2017, an indication that the targets are of great value to the attackers,” the statement said.
According to the cybersecurity firm, three distinct clusters of attacks have varying degrees of connection to the APT (advanced persistent threat) groups Soft Cell, Naikon and Group-3390, all known to operate in the interest of the Chinese government.
The security firm’s findings follow allegations by the US and UK governments, which blamed actors affiliated with the Chinese government for a series of global hacks on Microsoft Exchange servers.