Chinese hackers compromised 5 global telecom companies: Researchers

Chinese state-backed groups compromised at least five global telecommunications companies and stole phone records and location data, according to researchers.

The groups waged a campaign across Southeast Asia from 2017 to 2021, in some cases exploiting security vulnerabilities in Corp.’s Exchange servers to gain access to telecommunication companies’ internal systems, according to a new report published Tuesday by US-based security firm Cybereason Inc.

Lior Div, the chief executive officer of Cybereason, said the hackers had obtained “the holy grail of espionage,” by gaining total control of the telecommunication networks they penetrated. Cybereason named the groups Soft Cell, Naikon and Group-3390.

“These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability,” Div said.

China’s Foreign Ministry didn’t respond to requests for comment. A government spokesperson previously denied allegations that Chinese hackers infiltrated Exchange servers.

“The US ganged up with its allies and launched an unwarranted accusation against on cybersecurity,” Zhao Lijian said at a press briefing on July 20 in Beijing. “It is purely a smear and suppression out of political motives. will never accept this.”

A spokesperson said the company hadn’t yet seen the report and therefore declined to comment.

Div declined to name specific companies or countries where the hackers carried out their intrusions, though the report said they targeted telecommunications providers in some Southeast Asian nations that had long-standing disputes with It also pointed to older research from the firm Check Point Software Technologies Ltd. that found one of the groups had previously targeted government foreign affairs, science and technology ministries, as well as government-owned companies in countries including Indonesia, Vietnam and the Philippines.

See also  Asia petrochemical shares mostly lower; crude extends gains on output cut hopes

The hackers’ intent was likely to obtain information about corporations, political figures, government officials, law enforcement agencies, political activists and dissident factions of interest to the Chinese government, according to Cybereason’s researchers. However, the hackers also had the ability to shut down or disrupt the networks if they chose to shift their priority from espionage to interference, the security firm concluded.

Cybereason found the hackers to be “highly sophisticated and adaptive,” continuously evading security measures. One of the groups was observed hiding its malicious software in computers’ recycle bin folders. Another group disguised itself within anti-virus software and also used a South Korean multimedia player called “PotPlayer” to infect computers with a keylogger that recorded what they were typing.

In some cases, the hackers accessed the telecommunication networks by breaking in through security weaknesses in Microsoft’s Exchange Servers. Hackers affiliated with the group known as Soft Cell were exploiting some of the vulnerabilities at least three months before Microsoft publicly disclosed them in March 2021, according to Cybereason.

The security firm’s findings follow allegations by the US and U.K. governments, which on July 19 blamed actors affiliated with the Chinese government for a series of global hacks on Microsoft Exchange servers. “The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not,” U.K. Foreign Secretary Dominic Raab said in a statement.

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.

We, however, have a request.

See also  Asia Argento Denies Alleged Sexual Assault, Says Anthony Bourdain Paid Off Accuser

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor


Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.  Learn more