At least 13 phone companies around the world have been compromised since 2019 by sophisticated hackers believed to be from China, a group of cybersecurity experts said.
The roaming hackers - known as LightBasin - were able to "search and find" individual cell phones and "target accordingly," according to CrowdStrike, a group regularly cited by Western intelligence services.
Hackers were also able to obtain personal subscriber information held by telephone companies and metadata indicating who made and received calls.
“Sophisticated signals intelligence activity” targeting telephone company networks has been seen as a core function of Western intelligence agencies such as the NSA in the United States and the GCHQ in the United Kingdom. But this is one of the first times that such activity by groups linked to Beijing has been publicly revealed in the West.
CrowdStrike researchers said they believed LightBasin was a "state-sponsored" group collecting information "that may be of significant interest to intelligence organizations."
The attribution was not final, but Adam Meyers, senior vice president of CrowdStrike, said there was also evidence that LightBasin was operating in favor of other well-established Chinese groups, which generally carry out hacking activity under the ultimate direction of Beijing.
Meyers added that the research group "was able to discover the passwords used by the LightBasin cluster which were in pinyin, Romanized Chinese characters."
Western experts have said Chinese hacking is at record levels, describing it as a low-level form of cyberwarfare that has traditionally focused on intellectual property, but also includes classic espionage activity.
Concerns about China's influence in telecommunications have also underpinned the decision of some Western countries such as the United States to exclude supplier Huawei from their phone networks - although the company insists that it never allows spying on its clients. Last year, the UK announced it would be phasing out the Huawei kit from 5G phone networks starting in 2027.
China has consistently denied being involved in the hack despite a number of attempts by the United States and other Western countries to call it out. In July, the Chinese Foreign Ministry accused Washington of "teaming up with its allies" and "politically defaming and suppressing".
The denial came after the US, EU, NATO, UK and four other countries accused Beijing of being behind the massive exploitation in March of vulnerabilities in Exchange, Microsoft's widely used enterprise server software. It affected approximately 250,000 organizations worldwide, allowing hackers to siphon corporate emails for espionage.
Governments can be slower to attribute allegations of hacking and other cyber activity to a country, often waiting for tech companies or researchers to bring the initial allegations into the public domain.