Chinese state-backed hacking groups compromised a minimum of five global telecommunications companies and stole phone records and site data, consistent with cybersecurity researchers.
The hacking groups waged a campaign across Southeast Asia from 2017 to 2021, in some cases exploiting security vulnerabilities in Microsoft Corp.’s Exchange servers to realize access to telecommunication companies’ internal systems, consistent with a replacement report published Tuesday by US-based security firm Cybereason Inc.
Lior Div, the chief military officer of Cybereason, said the hackers had obtained “the grail of espionage,” by gaining total control of the telecommunication networks they penetrated. Cybereason named the groups Soft Cell, Naikon and Group-3390.
“These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, they even have the potential to threaten the national security of nations within the region and people who have a vested interest within the region’s stability,” Div said.
China’s Foreign Ministry didn’t answer requests for comment. A government spokesperson previously denied allegations that Chinese hackers infiltrated Microsoft Exchange servers.
“The US ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” Zhao Lijian said at a press briefing on July 20 in Beijing. “It is only a smear and suppression out of political motives. China will never accept this.”
A Microsoft spokesperson said the corporate hadn’t yet seen the report and thus declined to comment.
Div declined to call specific companies or countries where the hackers administered their intrusions, though the report said they targeted telecommunications providers in some Southeast Asian nations that had long-standing disputes with China. It also pointed to older research from the cybersecurity firm Check Point Software Technologies Ltd. that found one among the hacking groups had previously targeted government foreign affairs, science and technology ministries, also as government-owned companies in countries including Indonesia, Vietnam and therefore the Philippines.
The hackers’ intent was likely to get information about corporations, political figures, officialdom , enforcement agencies, political activists and dissident factions of interest to the Chinese government, consistent with Cybereason’s researchers. However, the hackers also had the power to pack up or disrupt the networks if they chose to shift their priority from espionage to interference, the safety firm concluded.
Cybereason found the hackers to be “highly sophisticated and adaptive,” continuously evading security measures. one among the groups was observed hiding its malicious software in computers’ recycle bin folders. Another group disguised itself within anti-virus software and also used a South Korean multimedia player called “PotPlayer” to infect computers with a keylogger that recorded what they were typing.
In some cases, the hackers accessed the telecommunication networks by breaking in through security weaknesses in Microsoft’s Exchange Servers. Hackers affiliated with the group referred to as Soft Cell were exploiting a number of the vulnerabilities a minimum of three months before Microsoft publicly disclosed them in March 2021, consistent with Cybereason.
The security firm’s findings follow allegations by the US and U.K. governments, which on July 19 blamed actors affiliated with the Chinese government for a series of worldwide hacks on Microsoft Exchange servers. “The Chinese Government must end this systematic cyber sabotage and may expect to be held account if it doesn’t ,” U.K. Foreign Secretary Dominic Raab said during a statement.