Hackers potentially linked to China are continuously targeting the telecommunications sector, a report released Tuesday by cybersecurity company CrowdStrike found.
According to the report, a threat group labeled by CrowdStrike as “LightBasin” has been “consistently targeting” the global telecommunication sector since 2016 and has successfully compromised at least 13 telecommunications groups in the last two years alone.
“Given the significant intelligence value to any state-sponsored adversary that’s likely contained within telecommunications companies, CrowdStrike expects these organizations to continue to be targeted by sophisticated actors, further underscoring the criticality of securing all aspects of telecommunications infrastructure beyond simply focusing on the corporate network alone,” CrowdStrike researchers warned in the report.
The report stressed that it did “not assert a nexus” between the hacking group and China but that the developer of the tool likely “had knowledge of the Chinese language.”
“There is currently not enough available evidence to link the cluster’s activity to a specific country-nexus,” the researchers wrote.
However, CrowdStrike researchers did conclude that the hacking efforts were “consistent with a signals intelligence organization,” potentially linking the attacks to a higher-level effort.
The report urged telecommunications groups to take steps to strengthen their cybersecurity, particularly by ensuring they have access to threat intelligence and by vetting the security of the third-party companies they work with.
“Securing a telecommunications organization is by no means a simple task, especially with the partner-heavy nature of such networks and the focus on high-availability systems,” the researchers wrote. “However, with the clear evidence of a highly sophisticated adversary abusing these systems and the trust between different organizations, focusing on improving the security of these networks is of the utmost importance.”
The findings were released in the midst of a difficult year in cybersecurity, one that has seen separate cyberattacks on T-Mobile, in which data on more than 40 million individuals was stolen, and on Syniverse, a company that routes billions of text messages per year.
Critical infrastructure more generally has also been targeted, including in attacks by Russian-linked cybercriminal groups on Colonial Pipeline and JBS USA in May, along with ongoing ransomware attacks against hospitals and schools.
China has long been viewed as one of the most dangerous nations in cyberspace. The U.S. and several allied nations in July formally blamed hackers affiliated with the Chinese government for exploiting vulnerabilities in Microsoft’s Exchange Server, leaving thousands of organizations vulnerable to attacks.