State-Sponsored Cyberattack Against Telecom Providers Is Targeting Data on Specific Individuals

By CircleID Reporter

Researchers at Cybereason Nocturnus have identified an advanced, persistent attack targeting global telecommunications providers, carried out by a threat actor using tools and techniques commonly associated with the Chinese-affiliated threat actor APT10. This multi-wave attack is reported to have sought to steal communications data of specific individuals in various countries. In their report released today, Cybereason researchers say:

"The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more."

Understanding the motive: "When you think of large breaches to big organizations, the first thing that comes to mind is usually payment data. ... These attacks are usually conducted by a cybercrime group looking to make money. In contrast, when a nation-state threat actor is attacking a big organization, the end goal is typically not financial, but rather intellectual property or sensitive information about their clients. ... obtaining access to this data gives them intimate knowledge of any individuals they wish to target on that network."
