A large-scale, long-term attack targeting telecom companies around the world was discovered recently. The attack has been named Operation Soft Cell by security firm Cybereason, the first company to discover it, which found that hundreds of gigabytes of information had been exfiltrated. The security company said that the attackers had total control of the compromised networks and could easily have brought down a complete network if they had wanted to. Amit Serper, Principal Security Researcher at Cybereason, added that cellular service is critical infrastructure for businesses today. What is shocking is the amount of data access they have in terms of the network; the worst thing is that they can sabotage it and could one day simply shut down the complete network without thinking.
Cybereason has not named the top ten telecoms involved but said that they span Europe, Asia, Africa, and the Middle East. The company said it had found no evidence that North American companies had been compromised. Cybereason assessed that over 100GB of data, mostly in the form of Call Detail Records (CDRs), was compromised on behalf of an intelligence agency, potentially spanning more than seven decades. It is a sophisticated attack aimed at stealing information rather than disrupting the network, possibly for strategic operations by an intelligence-gathering agency.
CDRs include call and messaging logs, device information, and location data that could identify the owner along with physical details. This metadata, while not revealing the content of calls and messages, provides complete information about a user's location, movements, and network. So these records give unlimited access for tracking individuals rather than to the content of calls or messages. The attackers gained initial access through a vulnerable public-facing server, which provided a foothold across the networks. Using compromised credentials, they were able to create high-privileged domain user accounts and exfiltrated the entire Active Directory database, so that the actor would have access to every single record in Active Directory.