A cyber security company has reported a continuous cyberattack against global phone networks, from which the hackers have collected data related to phone conversations, including the call duration, the individuals involved and the current location of the device.
Software firm Cybereason says that it has worked with one telecom provider to combat five waves of cyber attacks that have taken place since 2018. The company has also discussed such attacks with more than 12 telecom networks.
Boston-based Cybereason has given details on how the series of attacks took place. While targeting Call Detail Records (CDRs), the hackers turned to a familiar system to gain entry to private networks, and the malware then activated after infected files sent by email were opened.
The security firm, which has offices in London, Tel Aviv and Tokyo, believes that once access had been acquired, the target was to obtain the CDRs. The company also claims that after identifying the first attack, it focused on stopping four further attacks that the hackers carried out over the next few months, using different techniques.
Even though the names of the targeted networks have not been revealed, the CDR data collected by the hackers apparently related to Asian, Middle Eastern and European users.
Cybereason's Nocturnus research team also revealed that the attacks were carried out in a very systematic and advanced way to steal usernames, passwords, call records, billing information, geo-location data and more.
The company did not reveal how much information was stolen or whether there is any danger to subscribers. It stated that the tools and methods used in these attacks suggest only one name: Advanced Persistent Threat 10 (APT 10), a group of cybercriminals that is apparently linked to the Chinese Ministry of State Security.
Prior to the cyber attack on the Australian Parliament's computer networks, the country joined the US and UK in condemning the supposed campaign of cybersecurity violations on intellectual property and worldwide trade data attributed to China. According to these countries, a group known as APT 10 conducted a large-scale cyber-attack in Europe, Asia and the US.
The UK's National Cyber Security Centre (NCSC) also said that, according to a joint report by Recorded Future and Rapid7, APT10 is infiltrating the network of Norwegian cloud computing company Visma, which is one of the largest cloud service providers in Europe.
APT10, which is also known as Stone Panda, MenuPass and Red Apollo, has been active since 2009.
The NCSC also added that after the identification of APT10, the authorities found that it has been targeting healthcare, defence, aerospace, government, heavy industry/mining, "Managed Service Providers (MSPs) and IT industries, among many other sectors, for the likely purpose of intellectual property theft."