Hacking group LightBasin broke into at least 13 mobile networks – report

According to a detailed report from CrowdStrike, more than a dozen mobile network operators have been infiltrated by a hacking group called LightBasin since 2019.

Importantly, the cybersecurity research firm said that the hackers were able to access subscriber information and call record details. However, the firm did not disclose the identities of the mobile network operators that were hacked, and officials did not answer questions from Light Reading about why they wouldn’t name the affected companies.

Secure mobile infrastructure “is not something that you can take for granted,” cautioned Adam Meyers, CrowdStrike’s senior VP of intelligence, in comments to Cyberscoop.

The firm’s report detailed a number of methods, both simple and complex, that the hacking group used to gain access. For example, one method involved simply attempting to log into systems using the names of standard equipment vendors.

CrowdStrike described LightBasin – also known as UNC1945 – as an “activity cluster” that has been targeting companies in the telecommunications sector since at least 2016. The firm said the group has some knowledge of the Chinese language but that it “does not assert a nexus between LightBasin and China.”

Another day, another attack

This isn’t the first report to call out hacks into telecom network operators. In 2019, Cybereason reported that a nation-state-backed hacking operation of Chinese origin had broken into 10 different telecom companies. However, the firm again did not name the companies that had been hacked.

“Someone was actually active in the network, going from computer to computer stealing credentials and siphoning out what can only be described as an insane amount of data – hundreds of gigabytes of data,” Amit Serper, principal security researcher at Cybereason, told ZDNet at the time.

The firm said the hackers targeted companies in Europe, Africa, the Middle East and Asia, and accessed information including call data records and the geolocation of users.

But those broad reports are supplemented by more targeted hacks. For example, the US Department of Justice (DoJ) offered a detailed look at a hack into AT&T in the US….