The threat actor mainly sought to obtain call detail record (CDR) data - call logs, cell tower locations, etc. - belonging to specific high-level individuals from various countries, the report stated.
"We’ve concluded with a high level of certainty that the threat actor is affiliated with China and … believed to operate on behalf of the Chinese Ministry of State Security (MSS)", the report said.
The report did not name the targeted telecommunication companies although it said hackers had hit about one-third of global telecommunications giants, with about 8 billion customers.
Moreover, the report said the operation had been underway since at least 2017, possibly earlier.
Cybereason discovered the operation, which it named Operation Soft Cell, while helping a telecommunications client through at least five attacks over the course of six months.
Obtaining access to data allows tracking the location of VIP individuals such as foreign intelligence agents, politicians, opposition candidates in an election, and even law enforcement, the report said.
The data also gives hackers intimate knowledge of targeted individuals such as billing data, call detail records, credentials, email servers, and more, the report added.
Cybereason said it was unable to determine with 100 percent certainty the identity of the threat actor, but was able to conclude with a high degree of confidence that its methods are commonly associated with the Chinese threat actor APT10.
