Security researchers have revealed that hackers spent years burrowing into ten different telecoms. After getting in with a common method, an email containing a link that leads to malware, the hackers used sophisticated techniques to target specific individuals.
Security researchers at Cybereason revealed details of years-long attempts to break into telecom services (cell phone carriers). Starting in 2017, and possibly before, hackers sent emails containing malicious links to unsuspecting telecom employees. The initial payload gave the hackers access to the telecom networks.
Once in, the hackers ultimately compromised the network, gaining administrative privileges and even creating a VPN on the system that let them access large amounts of data and gave them the power to shut down the telecom network entirely. The hackers had so much power that Amit Serper, Principal Security Researcher at Cybereason, described them as essentially a “de facto shadow IT department of the company.”
Sabotage doesn’t seem to be the goal. Instead, the hackers downloaded the Call Detail Records of 20 or so specific individuals. The stolen information would have contained call history, location history, what device the person was using, and so on. With this hack, the perpetrators achieved results similar to stealing a person’s phone, without the person knowing about it.
Cybereason didn’t reveal which telecoms the group hacked, though they did specify the locations of the targeted individuals as Europe, Africa, the Middle East, and Asia.