Nation-State Attacker of Telecommunications Networks
Someone has been hacking telecommunications networks around the world:
- LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.
- Recent findings highlight this cluster’s extensive knowledge of telecommunications protocols, including the emulation of these protocols to facilitate command and control (C2) and utilizing scanning/packet-capture tools to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata.
- The nature of the data targeted by the actor aligns with information likely to be of significant interest to signals intelligence organizations.
- CrowdStrike Intelligence assesses that LightBasin is a targeted intrusion actor that will continue to target the telecommunications sector. This assessment is made with high confidence and is based on tactics, techniques and procedures (TTPs), target scope, and objectives exhibited by this activity cluster. There is currently not enough available evidence to link the cluster’s activity to a specific country-nexus.
Some relation to China is reported, but this is not a definitive attribution.
Hedo • October 22, 2021 7:32 AM
Attribution is hard. (I know, I know, I’ll be that parrot/broken record today).

Internet protocols/standards/layers need a serious remodeling from the ground up. It was built on a very insecure foundation and it’s time it got rebuilt with NON-REPUDIATION built in everywhere. Every step of the way, non-repudiation must be enforced, non-negotiable, not optional, mandatory.

This would take care of Authenticity, Accountability, Integrity, and many other important things because the amount of negative consequences (impact on human lives/safety) grows by the day, and we need to start making these cyber crimes (ransomware, etc.) an INTEGRAL part of our foreign policy. I’m referring to the USA, but this can easily be applied to any other country/government. In other words, there must be political/diplomatic, state-level policies in place, on the books, that provide for appropriate sanctions for those engaging in and/or aiding such activities. I may not live to see it, but some of these nasty hacks taking place today may actually lead to, or be perceived as, acts of war in the near future.
But “Let’s go back to the rock and see it @440”
Attribution is hard.
PS:
Trying to act my age today.