One of the largest hacking operations in existence has been uncovered after it managed to access cellular networks across continents and access hundreds of gigabytes of data.
Known as ‘Operation Soft Cell’, according to a report from Cybereason, which has offices in Boston, London, Tel Aviv and Tokyo, the operation was successful in accessing private and financial data from potentially hundreds of thousands, if not millions of individuals.
The company has issued a statement confirming it had found a “nation state-backed operation against multiple cellular providers that has been underway for years.”
The company shied-away from naming individual companies that were impacted in the breach, however the damage looks widespread enough to suggest that a number of the world’s largest telecommunications companies were implicated.
“The tools and TTPs - tactics, techniques and procedures) involved in this operation indicate that the national state attackers may be from China,” the company said.
Those involved in the hacking of cellular networks took part in a sophisticated operation of “espionage and a web of theft targeting specific individuals on different continents likely working in government, law enforcement and politics,” Cybereason said in the statement.
However, as the firm continues to explain, the sheer amount of data that was accessed by the unauthorized third-party suggests the operation likely caught more than just government figures and politicians in its web.
“The ongoing, active nine-month investigation shows how nation-state adversaries, likely sponsored by the Chinese government, have taken over the IT networks of many cellular providers resulting in the theft of hundreds of gigabytes of files.”
Those hackers “completely took over the IT network and were able to customise the IT infrastructure for their convenience,” meaning they were able to withdraw “complete active directory databases, compromising every single username and password in these organisations.”
“In addition, other personally identifiable information such as billing data, call detail records, credentials, email servers were stolen,” Cybereason said.
Lior Div, Cybereason’s co-founder, CEO and former member of Israeli intelligence arm unit 8200 said that “the operation against telecommunications companies is at a massive scale.”
“This is a smash and grab campaign to steal money or social security numbers,” Div explained.
“These hackers have very specific motives and are running a highly targeted, persistent operation to own the networks and track a very targeted list of individuals on different continents.”
Amit Serper is a senior director and head of security research at Cybereason, who continued to explain the severity of the attack. “This isn’t one breach but a series of sophisticated and targeted breaches,” he said. “The hackers have stolen hundreds of gigabytes of information and have access to geolocation information on individuals, knowing their exact movements by day and night.”
“If the individuals travel overseas, the hackers know it. If the person is attending a concert, the hackers know it, and they can use this information to identify a convenient time in operations and campaigns they are carrying out.”