Telecom Hacking Targets Consumer Data

Security researchers from the Cybereason Nocturnus team recently uncovered a years-long hacking campaign aimed at collecting the personal information of high-profile targets all over the world. The campaign, dubbed Operation Soft Cell, included multiple waves of attacks against at least a dozen different telecommunications providers. The resulting exfiltration of massive amounts of sensitive data raises far-reaching information security and data privacy concerns.

Telecom providers are especially attractive targets for advanced persistent threat actors who have both the patience and resources necessary to execute and sustain such sophisticated hacking campaigns. Gaining access to and maintaining persistence on a network over the course of several years takes meticulous planning. The endgame of attacks such as Operation Soft Cell is usually not to steal money, as is often the case in smash-and-grab kinds of cybercrime, but rather to steal information. A “Low and Slow” approach is a hallmark of nation-state threat actors whose goal is to avoid detection and siphon sensitive data for as long as possible.

The consumer data compromised in Operation Soft Cell included customer call logs and geo-location data. This information can be used to map a user’s network of contacts, track their movements over time, and profile their daily communication and travel routines. For a motivated nation-state this type of cyber espionage can be used for foreign intelligence gathering, stealing trade secrets, and gaining an advantage over political or economic competitors.

The tools and techniques used in Operation Soft Cell are very similar to those previously seen and attributed to APT10, an elite hacking group believed to be sponsored by the Chinese government’s Ministry of State Security. Each of the four waves of attack began by exploiting a vulnerable public-facing web server. Using the compromised web server as an initial foothold, the attackers were then able to escalate their privileges on the network and move laterally through the environment, conducting reconnaissance and exfiltrating data along the way.
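The foothold-then-pivot pattern described above (a public-facing web server that begins opening sessions to internal hosts) is something a telecom's own network telemetry can surface long before data leaves the building. The script below is an added example written for this article; it is not Cybereason's tooling or anything from the Operation Soft Cell report. It assumes a simplified, constructed connection log (timestamp, source, destination, destination port) of the kind a firewall or NetFlow export would provide, and an inventory of which hosts are the public web servers; the IP addresses, ports and dates are all made up for the illustration.

```python
"""Flag public-facing web servers that start behaving as internal pivots.

Added example, not part of the original article. A web server that accepts
inbound HTTP(S) normally has no reason to open SMB, RDP, WinRM, LDAP or SSH
sessions to internal hosts, so such outbound flows from an inventoried web
server are a cheap early signal for the foothold-then-lateral-movement
pattern the article describes. All inputs here are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Ports commonly used for remote administration, and therefore for lateral movement.
LATERAL_PORTS = {
    445: "SMB",
    3389: "RDP",
    5985: "WinRM",
    5986: "WinRM-TLS",
    389: "LDAP",
    22: "SSH",
}

# Constructed inventory: hosts that are expected to be reachable from the internet.
PUBLIC_WEB_SERVERS = {"10.0.1.10", "10.0.1.11"}

# Constructed sample flow log: timestamp,src_ip,dst_ip,dst_port
SAMPLE_LOG = """\
2019-01-07T02:14:03Z,198.51.100.23,10.0.1.10,443
2019-01-07T02:15:41Z,10.0.1.10,10.0.2.5,445
2019-01-07T02:16:02Z,10.0.1.10,10.0.2.7,3389
2019-01-07T09:30:00Z,10.0.1.11,10.0.3.20,443
2019-01-08T02:20:12Z,10.0.1.10,10.0.2.5,445
2019-01-09T01:58:44Z,10.0.1.10,10.0.2.9,5985
2019-01-09T10:00:00Z,10.0.5.50,10.0.2.5,445
"""


def parse_log(text):
    """Parse CSV flow records into (datetime, src, dst, port) tuples, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split(",")
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(port)))
    return records


def find_pivoting_web_servers(records, web_servers=PUBLIC_WEB_SERVERS):
    """Return {web_server: [(timestamp, dst, service), ...]} for outbound admin-protocol flows.

    Only flows whose source is an inventoried web server and whose destination
    port is in LATERAL_PORTS are kept; ordinary outbound HTTPS is ignored, as are
    admin-protocol flows from hosts that are not web servers.
    """
    hits = defaultdict(list)
    for ts, src, dst, port in records:
        if src in web_servers and port in LATERAL_PORTS:
            hits[src].append((ts, dst, LATERAL_PORTS[port]))
    return dict(hits)


def summarize(hits):
    """Collapse hits per web server: distinct internal targets, services used, and activity span.

    The span in days matters because a "low and slow" actor produces a thin
    trickle of events over a long period rather than a single burst.
    """
    summary = {}
    for src, events in hits.items():
        times = [e[0] for e in events]
        summary[src] = {
            "targets": sorted({e[1] for e in events}),
            "services": sorted({e[2] for e in events}),
            "span_days": (max(times) - min(times)).days,
            "count": len(events),
        }
    return summary


if __name__ == "__main__":
    pivots = find_pivoting_web_servers(parse_log(SAMPLE_LOG))
    for src, info in summarize(pivots).items():
        print(f"{src}: {info['count']} admin-protocol flows to {info['targets']} "
              f"({', '.join(info['services'])}) over {info['span_days']} days")
```

On the constructed log only 10.0.1.10 is flagged: it reaches three internal hosts over SMB, RDP and WinRM across two days, while 10.0.1.11's HTTPS call-out and the SMB session from the non-web-server 10.0.5.50 are left alone. In a real deployment the web-server inventory would come from the asset database and the records from the flow collector, and the alert would be enriched with the preceding inbound requests to the same server so that responders can see which request likely delivered the foothold.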

The implications of Operation Soft Cell are vast. The successful exploitation of multiple telecommunications providers shows just how vulnerable we are, both in terms of our private data as individuals and our critical infrastructure as a globally connected society. As users we can take measures to improve our own information security posture by using tools like a VPN to encrypt our internet traffic. In this case, however, the compromise was of the telecom providers themselves, and we have little recourse but to demand information security and consumer privacy be at the top of these organizations’ list of priorities.