More than ten cell service companies from around the world were hit by targeted hacks that may have revealed customers’ personal information, call logs, and other private data.
The attack, first detected and currently under investigation by the security research company Cybereason, likely began in 2012 and has targeted at least 20 victims, reports TechCrunch. While Cybereason wouldn’t share which companies were hacked because the investigation is still in-progress, the company’s cybersecurity experts say there’s a “high level of certainty” that China sponsored the attack.
Cybereason found that the hackers could likely track the physical location of their targets’ phones. They also had access to detailed records of all their cell activity, per TechCrunch.
These records included details about who contacted who and when they spoke, though they don’t log what was actually said.
The hackers targeted vulnerabilities on specific servers to get access to each telecom company’s internal networks, Cybereason’s head of security research, Amit Serper, told TechCrunch.
“You could see straight away that they know what they’re after,” said Serper. “They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times.”
The result was unrestricted access to the companies’ systems.
“Everything is completely owned,” Serper told TechCrunch.
READ MORE: Hackers are stealing years of call records from hacked cell networks [TechCrunch]
More on cybersecurity: Japan Plans to Hack 200 Million Devices to Prepare for Olympics