TEL AVIV (Reuters) – Hackers have plunged into the systems of more than a dozen global telecoms companies and have accessed large amounts of personal and corporate data, researchers from a cybersecurity company said Tuesday, identifying links to former Chinese cybersecurity companies. Espionage campaigns.
FILE PHOTO: A man holds a laptop in his hand as cybercode is projected onto him. This image was taken on May 13, 2017. REUTERS / Kacper Punch / Illustration Attackers have compromised companies in more than 30 countries and wanted to gather information about individuals in government, law enforcement and politics.
Hackers also used tools related to other attacks attributed to the United States and its Western allies by Beijing, said Lior Div, Cybereason's CEO.
"For this level of sophistication, it's not a criminal group, it's a government with capabilities that can carry out such attacks," he told Reuters.
A Chinese Foreign Ministry spokesman said he knew nothing about the report However, he added, "We would never allow anyone to participate in such activities on Chinese soil or using the Chinese infrastructure."
Cybereason declined to designate the companies involved or the countries in which they operate However, people familiar with Chinese hacking operations said Beijing is increasingly targeting telecommunications in Western Europe.
Western countries are calling on Beijing to take action in cyberspace and warn that Chinese hackers are attacking businesses and government agencies across the country World have compromised to valuable business secrets and personal data for spy purposes
Div said this latest campaign his team uncovered over the past nine months has compromised the internal IT network of some audiences, allowing attackers to adjust their infrastructure and steal huge amounts of data.
In some cases, they have been able to compromise the entire Active Directory of a target and give them access to every username and password in the organization. They also received personal information, including billing information and call history, Cybereason said in a blog post.
"They built a perfect espionage environment," said Div, a former commander of Israeli military intelligence unit 8200. "They could retrieve information about the targets they are interested in at will." Those used by the attackers were previously used by a Chinese hacking group called APT10.
The US indicted two alleged APT10 members in December and, along with other Western countries, condemned the group's attacks on global technology service providers to steal intellectual property from their customers.
The company said on earlier occasions that it had identified alleged attacks from China or Iran, but it was never safe enough to name those countries.
Cybereason said, "This time, unlike in the past, we can say with certainty that the attack took place in China."
"We found not just one software, but more than five different tools, who used this particular group, "said Div.
Additional coverage by Jack Stubbs. Editing by Jane Merriman