A Cybercrime Group Has Been Hacking Telecoms to Steal Phone Records All Over the World

A Cybercrime Group Has Been Hacking Telecoms to Steal Phone Records All Over the World

Everybody hopes that their phone calls and text messages are kept private but, in reality, we know the truth: Lots of entities — from dark web criminals to the government — have ways of intercepting intimate communications. Well, add another group to that anxiety-inducing list: A hacker gang, potentially based in China, that has been infiltrating telecoms throughout the world to steal phone records, text messages, and associated metadata directly from carrier users.

That’s according to a new report from cybersecurity firm CrowdStrike, which published a technical analysis of the mysterious group’s hacking campaign on Tuesday. The report, which goes into a significant amount of detail, shows that the hackers behind the campaign have managed to infiltrate 13 different global telecoms in the span of just two years.

Researchers say that the group, which has been active since mid-2016, uses highly sophisticated hacking techniques and customised malware to infiltrate and embed within networks. Reuters reports that this has included exfiltrating “calling records and text messages” directly from carriers. Earlier research on the group suggests it has also been known to target managed service providers as an entry point into specific industries — such as finance and consulting.

The report does not mention specific telecoms that have been targeted by the campaign, so it’s unclear if any of the targets were American companies. We reached out to Verizon and AT&T for comment on the report and will update this story if they respond.

There aren’t otherwise a whole lot of details on who these hackers are or where they come from, though the report states that there is evidence that the developer of some of the hacking tools “has some knowledge of the Chinese language.” However, CrowdStrike Senior Vice President Adam Meyers told Reuters that the report was not meant to suggest that the Chinese government had played a direct (or even indirect) hand in the hacking campaign. The report further states that CrowdStrike “does not assert a nexus” between the hackers “and China.”

Whoever is responsible, this hacking campaign is unlikely to be their last rodeo, the report assures.

“Given the significant intelligence value to any state-sponsored adversary that’s likely contained within telecommunications companies, CrowdStrike expects these organisations to continue to be targeted by sophisticated actors, further underscoring the criticality of securing all aspects of telecommunications infrastructure beyond simply focusing on the corporate network alone,” the report concludes.

When reached for comment, an official from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) told Gizmodo that they were “aware of” the report and that the agency would “continue to work closely with partners in the communications sector to help safeguard these critical networks.” They also added: “This report reflects the ongoing cybersecurity risks facing organisations large and small and the need to take concerted action.”

While the chances are quite slim that anybody — foreign hackers or the NSA — gives a damn about your phone calls, there is one great way to ensure that, even if they did, your chats would be kept safe. Download Signal or some other end-to-end encrypted communications platform. Such applications are basically impervious to spying due to the digital protections they provide. Best of all, most of them are free and easy to use — making it an overall good idea if you’re worried about your digital privacy.


The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.