Advertisement
Subscribe to our daily newsletter.
Subscribe

Suspected Chinese hackers took advantage of Microsoft Exchange vulnerability to steal call records

Chinese hackers are still swiping call records.

By

Two cellphone towers are seen on top of a building in Beijing on September 24, 2020. (Photo by NICOLAS ASFOURI/AFP via Getty Images)

Hackers with ties to China took advantage of vulnerabilities in Microsoft Exchange for several months starting in late 2020 to steal call logs from a Southeast Asia telecommunication company, researchers at Cybereason report.

The White House last month formally blamed Chinese government-affiliated hacking group HALFNIUM for a massive hacking campaign exploiting vulnerabilities in Microsoft Exchange servers, a kind of mail technology. Cybereason found that the groups targeting the unnamed Southeast Asian telecom had access to the same vulnerability for months prior to Microsoft’s disclosure.

The new findings build on a 2019 report from Cybereason, in which investigators identified a long-running hacking campaign that breached about 10 cellular providers in Africa, Europe, the Middle East, and Asia. Now researchers can say that not only has that group not let up, but that they are now also joined by two more groups tied to Chinese intelligence conducting the same kinds of operations.

The three clusters of activity detailed in the report had evaded detection since at least 2017, according to the research. Given the focus on the same target and the overlap in tactics, it appears likely that all three groups were working in the interest of the Chinese government, says Assaf Dahan, head of threat research at Cybereason.

Advertisement

Dahan says it’s likely that the hackers accessed hundreds of gigabytes, if not terabytes, of data from the cellular provider. That could amount to hundreds of thousands of call records. Most likely, however, the hackers sought a handful of select targets of interest to the Chinese government, such as political dissidents.

While there are a number of ways for foreign governments to conduct espionage against individuals, such as using spyware directly on a target’s phone, going straight after the telecom providers can make the activity harder to detect, says Dahan.

“It will be very difficult to understand who were the actual targets because it’s not like they’re attacking the end-users,” says Dahan. “They’re attacking the provider. It makes attribution harder.”

While the hackers have primarily targeted Asian telecom providers, the attacks could be recreated against providers in other regions, Dahan notes.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.
Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

Confetti flies over the stage and crowd as Taiwan’s president-elect from the Democratic Progressive Party, Lai Ching-te, speaks to supporters at a rally at the party’s headquarters on January 13, 2024 in Taipei, Taiwan. Lai was among the politicians targeted by AI-generated propaganda. (Photo by Annice Lyn/Getty Images)

Chinese hackers turn to AI to meddle in elections

Beijing’s influence operations are experimenting with synthetically generated content to carry out influence operations, per Microsoft report.
By Derek B. Johnson

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

The logo of the podcast Safe Mode

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics