China-linked hacker group accesses records worldwide

by Joseph Menn

SAN FRANCISCO (Reuters) – A group of hackers with suspicious links to China hacked into mobile phone networks around the world and used specialized tools to obtain call logs and text messages from telecom operators, said a US digital security company. United States this Tuesday.

CrowdStrike said the group, dubbed LightBasin, has been around since at least 2016, but was more recently detected wielding tools that are among the most sophisticated ever discovered.

Telecommunications companies have long been a top target for digital attacks, with actions being triggered by groups in China, Russia, Iran and other countries. The United States also seeks access to call logs, which show which numbers have called each other, how often, and for how long.

CrowdStrike Senior Vice President Adam Meyers said his company collected the information responding to incidents in several countries, which he declined to name. The company on Tuesday published technical details to allow other companies to verify similar attacks.

Meyers said the programs can discreetly retrieve specific data. “I’ve never seen this degree of purpose-built tools,” he told Reuters.

Meyers said his team is not accusing the Chinese government of directing the hacker group’s attacks. But he said they have connections to China, including cryptography based on Pinyin phonetic versions of Chinese-language characters, as well as techniques that echo earlier attacks by the Chinese government.

The Chinese embassy in Washington did not respond to Reuters’ questions. Asked for comment, the US Cyber Security and Infrastructure Security Agency said it was aware of the CrowdStrike report and would continue to work closely with US operators.

“This report reflects the ongoing security risks facing organizations large and small and the need for joint action,” said an official through a spokesperson.

“Common sense steps include implementing multifactor authentication, applying bug fixes, updating software, deploying threat detection capabilities, and maintaining an incident response plan.”

The findings underscore the vulnerability of key networks that provide the backbone for communications and help explain the growing demand for strong end-to-end cryptography that networks—and anyone with access to those networks—can’t decrypt.