(August 3): Chinese state-sponsored hacking groups compromised at least five global telecommunications companies and stole phone records and location data, according to cybersecurity researchers.
The hacking groups ran a campaign in Southeast Asia from 2017 to 2021, in some cases gaining access to the telecommunications companies’ internal systems by exploiting vulnerabilities in Microsoft Corp.’s Exchange servers, according to a new report released Tuesday by US-based security firm Cybereason Inc.
Cybereason’s CEO, Lior Div, said the hackers had obtained the “holy grail of espionage” by taking full control of the telecommunications networks they entered. Cybereason named the groups Soft Cell, Naikon, and Group-3390.
“These state-sponsored espionage operations not only negatively affect customers and business partners of telecommunications companies, but also have the potential to threaten the national security of the countries of the region and those with interests in the stability of the region,” Div said.
China’s Foreign Ministry did not respond to requests for comment. A government spokesperson previously denied claims that Chinese hackers had infiltrated Microsoft Exchange servers.
“The United States met with its allies and made a false accusation of cybersecurity against China,” Zhao Lijian said at a press conference in Beijing on July 20. “It is a smear and suppression that stems entirely from political motives. China will never accept that.”
A Microsoft spokesperson said the company has yet to see the report and therefore declined to comment.
Div declined to name the specific companies that were breached or the countries in which the intrusions took place, but said the hackers targeted telecommunications providers in Southeast Asian countries that have long-standing disputes with China. He also cited earlier research by cybersecurity firm Check Point Software Technologies Ltd., which found that one of the hacking groups had previously targeted ministries of foreign affairs and of science and technology, as well as state-owned companies, in countries including Indonesia, Vietnam and the Philippines.
According to Cybereason’s researchers, the hackers’ intent was most likely to collect information on companies, political figures, government officials, law enforcement, political activists, and opposition groups of interest to the Chinese government. But the security firm concluded that the hackers also have the ability to shut down or disrupt the networks should they choose to shift their priority from espionage to disruption.
Cybereason found that the hackers are “highly sophisticated and adaptable,” continually evading security measures. One of the groups was seen hiding its malware in the Recycle Bin folders of compromised computers. Another group disguised its malware as antivirus software and also abused a South Korean multimedia player called “PotPlayer” to load a keylogger that records users’ keystrokes.
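As an added example for the Recycle Bin technique above (this is not code from Cybereason’s report or from the article), the following hunt walks a disk and flags files under any $Recycle.Bin folder that the Windows shell could not have produced. It assumes the standard layout: each deletion leaves a pair of files, $I<id>.<ext> (metadata) and $R<id>.<ext> (content), under a per-user SID directory. A file outside that naming, a $R file with no $I partner, or a $I record that starts with a PE header was staged by something else. The sample tree is constructed in a temporary directory so the script runs offline.

```python
"""Hunt for payloads staged in Windows Recycle Bin folders (added example)."""
import os
import re
import tempfile

PE_MAGIC = b"MZ"
RECYCLE_DIR_RE = re.compile(r"\$recycle\.bin", re.IGNORECASE)


def is_pe_file(path):
    """True if the file starts with the DOS/PE 'MZ' magic, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == PE_MAGIC
    except OSError:
        return False


def hunt_recycle_bin(root):
    """Return (path, reason) tuples for suspicious files under any $Recycle.Bin below root.

    A well-formed $I/$R pair whose content happens to be an executable is just a
    deleted program, so a PE header alone is not a finding; it is only reported
    alongside a structural oddity that the shell would never have created.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not RECYCLE_DIR_RE.search(dirpath):
            continue
        present = set(filenames)
        for name in filenames:
            if name.lower() == "desktop.ini":  # folder customisation file, always present
                continue
            full = os.path.join(dirpath, name)
            pe = is_pe_file(full)
            flags = []
            if name.startswith("$I"):
                if pe:
                    flags.append("$I metadata record carries a PE header")
            elif name.startswith("$R"):
                if "$I" + name[2:] not in present:
                    flags.append("$R content file with no matching $I record")
            else:
                flags.append("name outside the $I/$R Recycle Bin convention")
            if flags and pe and not name.startswith("$I"):
                flags.append("PE image (MZ header)")
            if flags:
                findings.append((full, "; ".join(flags)))
    return findings


def flagged_names(findings):
    """Sorted base names of the flagged files, for reporting and testing."""
    return sorted(os.path.basename(path) for path, _reason in findings)


def build_sample_tree(base):
    """Construct a fake $Recycle.Bin tree (sample data, not taken from any real host)."""
    sid_dir = os.path.join(base, "$Recycle.Bin", "S-1-5-21-1111-2222-3333-1001")
    os.makedirs(sid_dir)
    # Legitimately deleted executable: $I metadata plus $R content, both present.
    with open(os.path.join(sid_dir, "$IABC123.exe"), "wb") as fh:
        fh.write(b"\x02" * 24)
    with open(os.path.join(sid_dir, "$RABC123.exe"), "wb") as fh:
        fh.write(PE_MAGIC + b"\x00" * 62)
    # Staged payload: PE bytes under a name no deletion would produce, no $I record.
    with open(os.path.join(sid_dir, "update.dat"), "wb") as fh:
        fh.write(PE_MAGIC + b"\x90" * 62)
    # Orphaned $R executable with no $I partner: also not the shell's doing.
    with open(os.path.join(sid_dir, "$RZZZ999.dll"), "wb") as fh:
        fh.write(PE_MAGIC + b"\x00" * 62)
    with open(os.path.join(sid_dir, "desktop.ini"), "w") as fh:
        fh.write("[.ShellClassInfo]\n")
    return sid_dir


def run_demo():
    """Build the sample tree in a temp dir and hunt it; returns the findings."""
    base = tempfile.mkdtemp(prefix="rbhunt_")
    build_sample_tree(base)
    return hunt_recycle_bin(base)


if __name__ == "__main__":
    for path, reason in run_demo():
        print(f"{path}: {reason}")
```

On a live host, point hunt_recycle_bin at each volume root (for example C:\) and run it with an account that can read other users’ SID subfolders; pairing the $R name with its $I record is what separates a dropped payload from an ordinary deleted program.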
In some cases, the hackers gained access to telecommunications networks by exploiting vulnerabilities in Microsoft’s Exchange servers. According to Cybereason, hackers affiliated with the group known as Soft Cell had been exploiting several of those vulnerabilities for at least three months before Microsoft disclosed them in March 2021.
The security firm’s findings follow claims by the US and UK governments, which on July 19 blamed Chinese government-affiliated actors for a series of global hacks on Microsoft Exchange servers. “The Chinese Government must end this systematic cyber sabotage and can expect to be held accountable if it doesn’t,” British Foreign Secretary Dominic Raab said in a statement.