How this new cyber criminal group hacked into different mobile networks and other associated companies?

A recent security report by the firm Crowdstrike reveals some details about a hacking group that, almost inadvertently, has managed to compromise the computer networks of some of the most important telecommunications companies in the world. Apparently, this intrusion aims at deploying ambitious spying campaigns on virtually any device connected to the compromised networks.

Although the researchers acknowledge knowing very little about this hacking group, they do mention that they have been active since 2016 and have highly sophisticated tactics and tools, in addition to developing their own hacking tools and having full knowledge of the industry to which they direct their attacks.

A successful attack would allow threat actors to gain broad access to sensitive information, especially related to people of interest working in intelligence agencies, large corporations and non-governmental organizations, although it is still unknown who is behind these hackers.

While some members of the cybersecurity community find some similarities between the attacks of these hackers and the activity related to the firm NSO Group and the powerful Pegasus spyware, Crowdstrike researcher Adam Meyers believes that this is a completely different operation, since this group of hackers do not depend on the compromise of a smartphone due to the entire telecommunications network having been hacked previously.

The truth is that despite the multiple indications of malicious activity the cybersecurity community still does not know many things about this operation, to the extent that it is even believed that it is actually a set of different malicious operations identified as LightBasin.

Crowdstrike also mentions the detection of some data sent to a remote server encrypted with a password composed of a Chinese phrase (wuxianpinggu507), although they believe that this is only an indication that the developers had knowledge of the language and, at least for the moment, it is not possible to say for sure that a Chinese hacking group participates in this operation.

On the other hand, Meyers does believe the operation could be backed by Chinese hacker groups and even sponsored by the government, though the threat will need to continue to be monitored to determine its origin and actual targets.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.