At least 13 phone companies around the world have been compromised since 2019 by sophisticated hackers who are believed to come from China, a cybersecurity expert group has said.
The roaming hackers – known as LightBasin – were able to “search and find” individual mobile phones and “target accordingly”, according to CrowdStrike, a group regularly cited by western intelligence.
Hackers were also able to obtain personal subscriber information held by phone companies and metadata showing who made and received calls.
“Sophisticated signals intelligence activity” aimed at phone company networks has been considered a core function of western intelligence agencies such as the NSA in the US and GCHQ in the UK. But this is one of the first times its existence by groups linked to Beijing been publicly disclosed in the west.
CrowdStrike researchers indicated they believed LightBasin was a “Chinese state-sponsored” group gathering information “likely to be of significant interest to intelligence organizations”.
The attribution was not definitive but Adam Meyers, a senior vice-president at CrowdStrike, said there was also evidence that LightBasin was operating in support of other well-established Chinese groups, who typically carry out hacking activity at the ultimate direction of Beijing.
Meyers added that the research group “was able to uncover passwords used by the LightBasin cluster which were in Pinyin, romanised Chinese characters”.
Western experts have said Chinese hacking is running at record levels, describing it as a low-level form of cyberwarfare that has traditionally been focused on intellectual property but also includes classic espionage activity.
Worries about China’s influence in telecoms have also underpinned the decision by some western countries such as the US to exclude the supplier Huawei from their phone networks – although the company insists it never allows spying on its customers. Last year, the UK said it would strip out Huawei kit from 5G phone networks from 2027.
China has consistently denied being involved in hacking despite a number of attempts by the US and other western nations to call it out. In July, China’s foreign ministry accused Washington of “ganging up with its allies” and engaging in “smear and suppression out of political motives”.
That denial came after the US, the EU, Nato, the UK and four other countries accused Beijing of being behind a massive exploitation of vulnerabilities in Microsoft’s widely used Exchange company server software in March. It affected about 250,000 organisations worldwide, allowing hackers to siphon corporate emails for espionage.
Governments can be slower to attribute claims of hacking and other cyber-activity to a country, often waiting for tech companies or researchers to put the initial claims in the public domain.