Hacking Group Is Stealing Personal Data, Communications From Telecom Carriers, Researchers Find

The Daily Caller News Foundation

A group of hackers has gained access to telecommunications infrastructure and is retrieving personal information and communications records, according to a report released Tuesday by cybersecurity company CrowdStrike.

The group, known as “LightBasin,” has operated since at least 2016 and is “utilizing scanning/packet-capture tools to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata,” according to a report written by Jamie Harris and Dan Mayer at CrowdStrike.

Rather than hacking individual devices, the hackers are infiltrating global telecommunications networks to access personal data, according to the report. The researchers identified 13 telecommunications companies that LightBasin has hacked since 2019.

“They don’t need to deploy the malware onto your phone if they’re owning the network that your phone is riding on,” Adam Meyers, senior vice president of intelligence at CrowdStrike, told CyberScoop. Meyers said that the hackers were able to intercept text messages, as “where this is happening, and the scale that it’s happening, there’s still quite a bit of text message traffic that occurs.”

The researchers also noticed that the hackers used tools that required knowledge of the Chinese language, but they did not assert a direct connection between the hacking group and China.

“This report reflects the ongoing cybersecurity risks facing organizations large and small and the need to take concerted action,” a spokesperson for the U.S. Cybersecurity and Infrastructure Security Agency told Reuters. “Common sense steps include implementing multifactor authentication, patching, updating software, deploying threat detection capabilities, and maintaining an incident response plan.”