China-linked hacking group accessing call records


A hacking group with suspected ties to China burrowed into mobile telephone networks worldwide and used specialised tools to grab call records and text messages from telecommunication carriers, a US cybersecurity company said.

CrowdStrike said the group, which it dubbed LightBasin, had been active since at least 2016, but was recently detected using tools among the most sophisticated yet discovered.

Telecoms companies have long been a top target for nation-states, with attacks or attempts seen from China, Russia, Iran and others. The US also seeks access to call records, which show which numbers called each other, how often and for how long.

CrowdStrike Senior Vice President Adam Meyers said his company gleaned the information while responding to incidents in multiple countries, which he declined to name.

Meyers said the programmes could retrieve specific data unobtrusively. “I’ve never seen this degree of purpose-built tools,” he said.

Meyers said his team was not accusing the Chinese government of directing attacks by the hacking group. He said the attacks had connections to China, including cryptography relying on Pinyin phonetic versions of Chinese-language characters, as well as techniques echoing previous Chinese government attacks.

Asked for comment, the US Cybersecurity and Infrastructure Security Agency said it was aware of the CrowdStrike report and would work closely with US carriers.

“This report reflects ongoing cybersecurity risks facing organisations large and small and the need to take concerted action,” an official said.

“Common sense steps include multi-factor authentication, patching, updating software, deploying threat detection capabilities and maintaining an incident response plan.”

The findings underscore the vulnerability of major networks providing the backbone for communications and help explain increasing demand for strong, end-to-end encryption that networks – and anyone with access to those networks – cannot decipher.