CrowdStrike security researchers have discovered that a hacking group dubbed LightBasin, aka UNC1945, has been hiding in the networks of renowned telecom companies for the past 5 years, monitoring all their business operations and sending sensitive data to remote servers.
In a blog post published on Tuesday, the California-based endpoint security provider said that the gang could have easily targeted over 13 telecom networks so far, and that the count might exceed that number in the near future.
Interestingly, the findings state that the threat actors, probably funded by a government, were hiding in the external DNS servers of telcos and conducting espionage through General Packet Radio Services (GPRS) networks.
CrowdStrike stated that the behavior and the language used to communicate with servers seem to be those of a Chinese state-sponsored actor. However, no substantial evidence proving the exact location of the hackers has been obtained to date.
The attacks have been carried out since 2016, and CrowdStrike suspects that the infiltration could have happened through the vulnerability of SolarWinds software and Linux systems revealed in 2020, where hackers sneak into the systems through SSH tunnels and virtual machines.
The US Department of Homeland Security and CISA jointly issued a statement that they have received CrowdStrike's report on the LightBasin attack and urged all telecommunication service providers to review their cybersecurity postures and take necessary steps.