Security breaches have become commonplace, with stories of data breaches surfacing every now and then. For instance, just last month, Chtrbox, a Mumbai-based social marketing firm, was hit by a data breach that leaked the private data of over 49 million Instagram users, which was stored on an AWS server. And now, according to research by Cybereason, a cybersecurity firm based in Boston, hackers broke into more than 10 cellular networks across the globe, stealing massive amounts of sensitive information (including user names, passwords, billing data, credentials, call records, and geolocation data, among others).
According to reports, Cybereason is blaming the attack on China, as the tools and techniques the hackers used against telecommunications providers worldwide are commonly associated with the notorious Chinese espionage group APT-10. In fact, there was a series of such attacks, so powerful and advanced that the hackers managed to completely take over the entire network. Researchers dubbed the campaign “Operation Softcell”, which has been active since 2012.
The very first evidence of the attack was a malicious web shell detected on an IIS server. Further analysis of the web shell uncovered several phases of the attack. The hackers apparently used the web shell to run certain “reconnaissance commands”, steal sensitive network credentials, and deploy other tools. The web shell was identified as a slightly different version of the China Chopper web shell, which is used by Chinese hackers. Once the hackers had got their hands on the credentials and network data, they created domain user accounts to take further malicious actions.
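As a defender-side illustration of the chain described above (added here, not taken from Cybereason's report), the following Python sketch hunts for an IIS worker process spawning a command shell and then for account creations that follow it. The event records are constructed and simplified from Windows Security log fields (4688 process creation, 4720 user account created); the shell list and the 24-hour window are assumptions to tune per environment.

```python
from datetime import datetime, timedelta

# Assumption: shells an IIS worker process has no routine reason to start.
SHELLS = {"cmd.exe", "powershell.exe"}
WINDOW = timedelta(hours=24)  # assumption: hunting window after a web shell hit

# Constructed sample events (hosts, times and account names are made up).
EVENTS = [
    {"time": "2019-01-10T02:14:05", "id": 4688, "host": "WEB01",
     "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"time": "2019-01-10T02:20:41", "id": 4688, "host": "WEB01",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"time": "2019-01-10T09:03:12", "id": 4720, "host": "DC01",
     "target_user": "svc_example"},
    {"time": "2019-01-14T11:00:00", "id": 4720, "host": "DC01",
     "target_user": "new_hire"},
]

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def hunt(events, window=WINDOW):
    """Return (web shell indicators, account creations that follow one)."""
    hits, accounts = [], []
    for e in sorted(events, key=lambda ev: ev["time"]):
        ts = datetime.fromisoformat(e["time"])
        if e["id"] == 4688:
            # IIS worker process (w3wp.exe) launching a shell: web shell indicator.
            if basename(e["parent"]) == "w3wp.exe" and basename(e["image"]) in SHELLS:
                hits.append((ts, e["host"], basename(e["image"])))
        elif e["id"] == 4720:
            # Account created shortly after an indicator anywhere in the estate.
            if any(timedelta(0) <= ts - h[0] <= window for h in hits):
                accounts.append((ts, e["host"], e["target_user"]))
    return hits, accounts

if __name__ == "__main__":
    hits, accounts = hunt(EVENTS)
    for ts, host, image in hits:
        print(f"{ts} {host}: w3wp.exe spawned {image}")
    for ts, host, user in accounts:
        print(f"{ts} {host}: account '{user}' created after web shell indicator")
```

The time correlation is a triage heuristic, not proof of compromise: each flagged account creation still needs to be checked against change records.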
Amit Serper, head of security research at Cybereason, told TechCrunch, “You could see straight away that they know what they’re after. They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times.”
China has already been under the scanner over hacking-related concerns. For instance, the U.S. Justice Department released an indictment report last year which claimed that Chinese hackers breached business and government networks. Similarly, a report by The New York Times last year also blamed Chinese hackers for the breach of Marriott’s Starwood guest database.
Cybereason has suggested certain security recommendations, which include adding an additional security layer for web servers, patching all web servers and services, and using an EDR tool to provide direct response capabilities.