By Joseph Menn
SANFRANCISCO – A hacking group with suspected ties to China burrowed into mobile telephone networks around the world and used specialized tools to grab calling records and text messages from telecommunication carriers, a U.S. cybersecurity company said on Tuesday.
CrowdStrike said the group, which it dubbed LightBasin, had been acting since at least 2016, but had more recently been detected wielding tools that are among the most sophisticated yet discovered.
Telecoms companies have long been a top target for nation-states, with attacks or attempts seen from China, Russia, Iran, and others. The United States also seeks access to calling records, which show which numbers called each other, how often and for how long.
CrowdStrike Senior Vice President Adam Meyers said his company gleaned the information by responding to incidents in multiple countries, which he declined to name. The company on Tuesday published technical details to let other companies check for similar attacks.
Meyers said the programs could retrieve specific data unobtrusively. “I’ve never seen this degree of purpose-built tools,” he told Reuters.
Meyers said his team was not accusing the Chinese government of directing the attacks by the hacking group. But he said the attacks had connections to China including cryptography relying on Pinyin phonetic versions of Chinese language characters, as well as techniques that echoed previous attacks by the Chinese government.
The Chinese embassy in Washington did not respond to questions from Reuters.
Asked for comment, the U.S. Cybersecurity and Infrastructure Security Agency said it was aware of the CrowdStrike report and would continue to work closely with U.S. carriers.
“This report reflects the ongoing cybersecurity risks facing organizations large and small and the need to take concerted action,” an official said through a spokesperson.
“Common sense steps include implementing multifactor authentication, patching, updating software, deploying threat detection capabilities, and maintaining an incident response plan.”
The findings underscore the vulnerability of major networks providing the backbone for communications and help explain the increasing demand for strong, end-to-end encryption that the networks – and anyone with access to those networks – cannot decipher.