Hackers broke into the systems of more than a dozen global telecom firms and stole huge amounts of data in a seven-year spying campaign, researchers from a cyber security company said, identifying links to previous Chinese cyber-espionage activities.
Investigators at US-Israeli cyber firm Cybereason said on Tuesday the attackers compromised companies in more than 30 countries and aimed to gather information on individuals in government, law-enforcement and politics.
The hackers also used tools linked to other attacks attributed to Beijing by the United States and its Western allies, said Lior Div, chief executive of Cybereason.
“For this level of sophistication it’s not a criminal group. It is a government that has capabilities that can do this kind of attack,” he told Reuters.
Div later presented a step-by-step breakdown of the breach at a cybersecurity conference in Tel Aviv, in the same session at which the heads of U.S. and British cyber intelligence units and the head of Israel’s Mossad spy agency spoke.
“Right now we’re still tracking them,” he said. “On Saturday we debriefed more than 25 different telcos, the biggest telcos in the world.”
A spokesman for China’s Foreign Ministry said he was not aware of the report, but added “we would never allow anyone to engage in such activities on Chinese soil or using Chinese infrastructure.”
Cybereason declined to name the companies affected or the countries they operate in, but people familiar with Chinese hacking operations said Beijing was increasingly targeting telcos in Western Europe.
Western countries have moved to call out Beijing for its actions in cyberspace, warning that Chinese hackers have compromised companies and government agencies around the world to steal valuable commercial secrets and personal data for espionage purposes.
A spokesman for Deutsche Telekom, Europe’s biggest telco, said his company was not in contact with Cybereason prior to publication of the report.
Div said this latest campaign, which his team uncovered over the last nine months, compromised the internal IT network of some of those targeted, allowing the attackers to customise the infrastructure and steal vast amounts of data.