A new report from Cybereason says that persistent cyberattacks on at least 12 global telecom service providers since 2012 were likely perpetrated by the China-based threat actor known as APT10.
The attacks began as early as 2012 and stole personal and corporate data from service provider systems across 30 countries, the report says. Investigators concluded that the hackers targeted communications data of specific individuals – particularly employees of the government, law enforcement, and political organizations.
The report says the hackers were likely working under a nation-state – most likely China – based on the tactics, techniques, and procedures (TTPs) they used and on the fact that the actors sought information other than financial data.
“The data exfiltrated by this threat actor, in conjunction with the TTPs and tools used, allowed us to determine with very high probability that the threat actor behind these malicious operations is backed by a nation state, and is affiliated with China,” the report said. “Our contextualized interpretation of the data suggests that the threat actor is likely APT10.”
The report found that the group used five different tools to conduct its attack on the telecom providers, which hold call detail records like call duration and destination information, device details, caller location, and device vendor information.
“Having this information becomes particularly valuable when nation-state threat actors are targeting foreign intelligence agents, politicians, opposition candidates in an election, or even law enforcement,” the report said.