Multiple telecom companies hacked; call and location data of millions of users leaked

According to network security specialists, a hacker group has entered the systems of at least a dozen mobile operators around the world and gained the ability to control networks without companies being able to intervene.

Cybercriminals have reportedly been exploiting this access to steal confidential information for at least the last seven years, although, according to cybersecurity firm Cybereason, they could carry out more dangerous activities, such as disrupting communications at compromised companies.

This hacking campaign, known as Operation Soft Cell, is aimed at telephony service providers in Europe, Asia, Africa and the Middle East. According to network security specialists, hackers began infecting multiple companies in 2012, gaining control of their networks and stealing a huge amount of personal data.

Officials from the U.S. Department of Homeland Security (DHS) consider cyberattacks against this kind of infrastructure to be a national security issue and have even created their own center to combat such attacks, because a hacker group that succeeded in collapsing telephone networks could cause massive disruption. However, experts believe that the main interest of the threat actors is espionage, not disruption of services.

Network security specialists discovered that the attackers have access to the networks of more than twelve mobile phone companies, obtained by exploiting known vulnerabilities, using malware hidden in Word files, or exploiting exposed servers. After accessing the companies, the hackers deploy malware across all computers on a network and try to access it with brute-force attacks.

Based on the attack method, the cybersecurity firm's specialists believe the hackers have the financial backing of some government, possibly China. The malware detected in the attacks, the method, and the location of the attacking servers are all linked to the Chinese hacking group known as APT10.

Specialists from the International Institute of Cyber Security (IICS) say all the companies involved have already received a security alert, although the mitigation measures that the affected companies will implement are still unknown.