Canada Markets open in 4 hrs 24 mins

Security Firm Says 'High Degree of Certainty' China Linked to Global Hack of 10 Telcos

Dave McCombs and Gwen Ackerman
(Bloomberg) -- Cyber attackers that appear linked to the Chinese government infiltrated at least 10 global telecommunications carriers over several years and stole customer data, a Boston-based research firm said.There is a “high degree of certainty” that a team acting on behalf of China was involved and sought to take communications data related to specific individuals, Cybereason said in a June 25 report. The breach involved tools and techniques consistent with those used by a group identified as APT10, it said.In at least one case, attackers gained access over the past seven years, increasing the penetration and eventually reaching every level, Lior Div, Cybereason chief executive officer, said in a phone interview.“It reached a point that they could manage the infrastructure as if it was theirs,” he said. “They created a shadow IT department and could do what they wanted in the environment.”The alleged attack, code-named Operation Soft Cell, comes as the U.S. blacklists major Chinese technology companies over suspicions they help the government spy. Cybersecurity researchers have accused hackers of being affiliated with Beijing in the past and the Cybereason report published Tuesday pointed out similarities to previous attacks by APT10, a unit it said operated on behalf of a Chinese government ministry.Div declined to identify any of the targeted companies and said Cybereason was concerned about the lives of individuals -- those targeted and in general. He said the company, founded by former members of Israel’s military intelligence corps, has “debriefed the intelligence community,” though he declined to describe any reactions.U.S. prosecutors in December charged two hackers with conspiring with the Chinese government to infiltrate 45 U.S. companies and government agencies, as well as firms in a dozen other countries.Geng Shuang, a Chinese foreign ministry spokesman, said Tuesday he had not seen the Cybereason research. “China is firmly opposed to cyber attacks in any form,” he said at a regularly scheduled press briefing in Beijing. He added that China does not allow such activities on Chinese soil.The Trump administration this week widened its campaign against China, blacklisting five entities seen as key to the nation’s effort to build the world’s fastest computers. Washington raised national security concerns because their computers were developed for military uses or in cooperation with the Chinese military.Div of Cybereason said his firm contacted 12 telecommunications companies regarding the attacks and discussed details of the exposure. The initial attack focused on one country, then was expanded, he said, without naming any country.Telephone carriers can act to push out hackers in a month, but the attackers will find new ways in, he said. To keep networks safe, operators should move from being passive to pro-active, he said.“We have been watching this over the past year,” said Div. “It didn’t just happen and they didn’t shut it down yet. It is still ongoing.”(Updates with comments from Cybereason CEO from fourth paragraph and China’s foreign ministry in eighth.)\--With assistance from Sharon Chen, Dandan Li and Peter Martin.To contact the reporters on this story: Dave McCombs in Tokyo at dmccombs@bloomberg.net;Gwen Ackerman in Jerusalem at gackerman@bloomberg.netTo contact the editors responsible for this story: Sam Nagarajan at samnagarajan@bloomberg.net, Edwin Chan, Dave McCombsFor more articles like this, please visit us at bloomberg.com©2019 Bloomberg L.P.

(Bloomberg) -- Cyber attackers that appear linked to the Chinese government infiltrated at least 10 global telecommunications carriers over several years and stole customer data, a Boston-based research firm said.

There is a “high degree of certainty” that a team acting on behalf of China was involved and sought to take communications data related to specific individuals, Cybereason said in a June 25 report. The breach involved tools and techniques consistent with those used by a group identified as APT10, it said.

In at least one case, attackers gained access over the past seven years, increasing the penetration and eventually reaching every level, Lior Div, Cybereason chief executive officer, said in a phone interview.

“It reached a point that they could manage the infrastructure as if it was theirs,” he said. “They created a shadow IT department and could do what they wanted in the environment.”

The alleged attack, code-named Operation Soft Cell, comes as the U.S. blacklists major Chinese technology companies over suspicions they help the government spy. Cybersecurity researchers have accused hackers of being affiliated with Beijing in the past and the Cybereason report published Tuesday pointed out similarities to previous attacks by APT10, a unit it said operated on behalf of a Chinese government ministry.

Div declined to identify any of the targeted companies and said Cybereason was concerned about the lives of individuals -- those targeted and in general. He said the company, founded by former members of Israel’s military intelligence corps, has “debriefed the intelligence community,” though he declined to describe any reactions.

U.S. prosecutors in December charged two hackers with conspiring with the Chinese government to infiltrate 45 U.S. companies and government agencies, as well as firms in a dozen other countries.

Geng Shuang, a Chinese foreign ministry spokesman, said Tuesday he had not seen the Cybereason research. “China is firmly opposed to cyber attacks in any form,” he said at a regularly scheduled press briefing in Beijing. He added that China does not allow such activities on Chinese soil.

The Trump administration this week widened its campaign against China, blacklisting five entities seen as key to the nation’s effort to build the world’s fastest computers. Washington raised national security concerns because their computers were developed for military uses or in cooperation with the Chinese military.

Div of Cybereason said his firm contacted 12 telecommunications companies regarding the attacks and discussed details of the exposure. The initial attack focused on one country, then was expanded, he said, without naming any country.

Telephone carriers can act to push out hackers in a month, but the attackers will find new ways in, he said. To keep networks safe, operators should move from being passive to pro-active, he said.

“We have been watching this over the past year,” said Div. “It didn’t just happen and they didn’t shut it down yet. It is still ongoing.”

(Updates with comments from Cybereason CEO from fourth paragraph and China’s foreign ministry in eighth.)

--With assistance from Sharon Chen, Dandan Li and Peter Martin.

To contact the reporters on this story: Dave McCombs in Tokyo at dmccombs@bloomberg.net;Gwen Ackerman in Jerusalem at gackerman@bloomberg.net

To contact the editors responsible for this story: Sam Nagarajan at samnagarajan@bloomberg.net, Edwin Chan, Dave McCombs

For more articles like this, please visit us at bloomberg.com

©2019 Bloomberg L.P.