Global telecommunication companies have been targeted by a cyber-attack that seeks to steal sensitive customer call records, according to US-based cyber security firm Cybereason.
The attack, dubbed “Operation Soft Cell”, has been active since at least 2012 and affected at least 10 telecom companies in multiple countries.
The hackers managed to infiltrate the deepest segments of the providers’ network, including some isolated internet segments, and compromise critical assets, according to Cybereason.
The attacks showed some signs of being carried out by a nation state. Although cyber criminals are generally motivated by financial gain, nation states are typically seeking intellectual property or sensitive information about their clients.
According to Cybereason, the hackers were attempting to steal call detail records, which includes usernames and passwords, as well as personally identifiable information, such as billing data, call detail records, credentials, emails, and the geo-location data of users.
The attacks were targeted and customised. The hackers worked in waves, abandoning attacks when detected, only to return months later with new tools and techniques. In one instance, Cybereason identified four attack waves over a period of six months.
The hackers mostly used known tools, customised for each attack, although some unknown tools were also used in the later stages of the attack to decrease the risk of exposure or attribution, according to Cybereason.
These tools were used in the later stages of the attack to decrease the risk of exposure or attribution, it said.