Cybersecurity firm says Chinese digital spies have hacked telecom data

A network of digital spies with connections to Chinese interests has hacked part of the global telecommunications network to steal a large amount of cellphone data, according to a California-based cybersecurity firm.

CrowdStrike reported on its blog Tuesday the results of an investigation that shows the hacking group, dubbed “LightBasin” by the firm and known publicly as UNC1945, has compromised at least 13 global telecommunications companies since 2019.

“We found overlap between LightBasin and known Chinese hacking groups operating on the same network, using the same obscure Romanized version of Chinese characters,” Adam Meyers, CrowdStrike’s senior vice president of intelligence, told The Washington Times.

Unlike malware, which victims must unwittingly download, the new hacks involve mapping lesser-known communications protocols to extract bulks of information directly from the 2G and 3G networks of cell phone carriers.

With the information in hand, China can potentially track down political dissidents through the cell phones of American agents and other foreign nationals working with them.

“The LightBasin hackers are targeting individuals like diplomats, journalists and others at the cell phone carrier level. At that level, the adversary can identify where your business is located and start to look at who you’re texting and calling,” Mr. Meyers explained.

Specifically, the hackers use General Packet Radio Service (GPRS) technology — which allows cell phones to open up a browser and communicate with the internet — and public telephone networks to extract the data.

“They’re hiding within these lesser-known protocols that some telecom companies may not know to check for malicious activity,” Mr. Meyers said.  

The firm’s investigation found “clear evidence of a highly sophisticated adversary” abusing these systems, apparently farming the information out to a state-sponsored adversary through sophisticated targeting mechanisms.

It also found evidence that LightBasin operates both in support of known PANDA (Chinese state-sponsored) adversaries and within Chinese organizations, giving the hackers “plausible deniability” if confronted.

Mr. Meyers said collaboration with the U.S. intelligence community may be necessary for the telecommunications industry to stop the ongoing, persistent and innovative attacks.