UPDATED 22:07 EST / JUNE 25 2019

SECURITY

Data stolen from global telcos in suspected Chinese hacking campaign

Hackers believed to be linked to the Chinese government have broken into the systems of more than a dozen global telecommunications carriers and stolen huge amounts of data over a period going back at least seven years, according to a new report today from security researchers at Cybereason.

The hacking campaign, dubbed Operation Soft Cell, targeted “call detail records” that contained metadata on every call made on a targeted network, including times, dates and the location of the device. In addition, the same group attempted to steal all data stored by their targets, including usernames and passwords in the organization, billing data, email servers and other related information.

The tools used by the hackers were those commonly associated with APT10, a hacking group that works on behalf of the Chinese Ministry of State Security’s Tianjin State Security Bureau. Members of the group were indicted by the U.S. Department of Justice in December.

Giving credence to the idea that it was a state-sponsored campaign, the researchers noted that “the threat actor mainly sought to obtain CDR data (call logs, cell tower locations, etc.) belonging to specific individuals from various countries. This type of targeted cyber espionage is usually the work of nation-state threat actors.”

Cybereason did not name the telcos targeted but did note that it had “debriefed more than 25 different telcos, the biggest telcos in the world.”

Joel Windels, chief marketing officer at the mobile performance management firm NetMotion Software Inc., told SiliconANGLE that many people believe 4G LTE and 5G networks are inherently more secure than WiFi, but this situation reveals that the network itself isn’t the issue.

Ilia Kolochenko, founder and chief executive officer of security testing firm ImmuniWeb, said the story highlights issues with telco security.

“Many large telcos today struggle to maintain a decent level of cybersecurity due to tough competition and limited budgets, let alone a continuous increase of new hardware and infrastructure mushrooming in their premises to stay up-to-date with industry progress,” Kolochenko said. “Consequently, some don’t even have any form of up-to-date asset inventory, privilege segregation or internal security monitoring. Given the volume of valuable data of their clients, telcos are an attractive low-hanging fruit for cybercriminals.”

Tim Erlin, vice president of product management and strategy at cybersecurity tools company Tripwire Inc., said it’s apparent that if a company’s customer base includes government or intelligence employees, it needs to assume it could get hacked.

“It’s incredibly difficult for a commercial organization to mount an adequate defense against a well-funded nation-state attacker,” he said. “The scales are simply tipped in the attacker’s favor in terms of resources. Cybersecurity isn’t a game you win outright.”

A national cyberdefense policy needs to include commercial organizations, Erlin added. “While we’re seeing intelligence gathering as the target now, it’s not a far cry to imagine attacks meant to destabilize critical infrastructure,” he said.
