At least 13 phone firms hit by suspected Chinese hackers since 2019, say experts

LightBasin hackers were able to obtain subscriber information and call metadata, says CrowdStrike

At least 13 phone companies around the world have been compromised since 2019 by sophisticated hackers who are believed to come from China, a cybersecurity expert group has said.

The roaming hackers – known as LightBasin – were able to “search and find” individual mobile phones and “target accordingly”, according to CrowdStrike, a group regularly cited by western intelligence.

Hackers were also able to obtain personal subscriber information held by phone companies and metadata showing who made and received calls.

“Sophisticated signals intelligence activity” aimed at phone company networks has been considered a core function of western intelligence agencies such as the NSA in the US and GCHQ in the UK. But this is one of the first times its existence by groups linked to Beijing has been publicly disclosed in the west.

CrowdStrike researchers indicated they believed LightBasin was a “Chinese state-sponsored” group gathering information “likely to be of significant interest to intelligence organizations”.

The attribution was not definitive but Adam Meyers, a senior vice-president at CrowdStrike, said there was also evidence that LightBasin was operating in support of other well-established Chinese groups, who typically carry out hacking activity at the ultimate direction of Beijing.

Meyers added that the research group “was able to uncover passwords used by the LightBasin cluster which were in Pinyin, romanised Chinese characters”.

Western experts have said Chinese hacking is running at record levels, describing it as a low-level form of cyberwarfare that has traditionally been focused on intellectual property but also includes classic espionage activity.

Worries about China’s influence in telecoms have also underpinned the decision by some western countries such as the US to exclude the supplier Huawei from their phone networks – although the company insists it never allows spying on its customers. Last year, the UK said it would strip out Huawei kit from 5G phone networks from 2027.

China has consistently denied being involved in hacking despite a number of attempts by the US and other western nations to call it out. In July, China’s foreign ministry accused Washington of “ganging up with its allies” and engaging in “smear and suppression out of political motives”.

That denial came after the US, the EU, Nato, the UK and four other countries accused Beijing of being behind a massive exploitation of vulnerabilities in Microsoft’s widely used Exchange company server software in March. It affected about 250,000 organisations worldwide, allowing hackers to siphon corporate emails for espionage.

Governments can be slower to attribute claims of hacking and other cyber-activity to a country, often waiting for tech companies or researchers to put the initial claims in the public domain.

Contributor

Dan Sabbagh Defence and security editor
