LightBasin hacking group breaches 13 global telecoms in two years
A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years.
LightBasin has been active since at least 2016 and targets Linux and Solaris servers in particular, although it interacted with Windows systems where needed, in its mission to steal subscriber information and call metadata.
Among the telecommunications systems that LightBasin targeted are external DNS (eDNS) servers, Service Delivery Platform systems, and SIM/IMEI provisioning systems, all of which are part of the General Packet Radio Service (GPRS) network that enables roaming between mobile operators.
The researchers found evidence of LightBasin brute-forcing its way into the system by trying the default credentials for the targeted system.
With backdoor access to the target Solaris system, LightBasin could steal passwords to pivot to other systems and establish persistence through the same method.
To maintain a low profile, LightBasin also added iptables rules to the eDNS server that allowed SSH communication from five compromised companies.
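The firewall change described above can be audited from the defender's side. The following is an added example, not code from the researchers' report: it reads `iptables-save` output and reports INPUT rules that accept TCP port 22 from sources outside an approved management range. The approved range, the sample ruleset and its addresses are constructed for illustration.

```python
import ipaddress
import shlex

# Assumption: the only network allowed to reach SSH on this host (constructed value).
APPROVED_SSH_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample of `iptables-save` output; external addresses are documentation ranges.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.20.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/28 -p tcp -m multiport --dports 22,53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def covers_ssh(spec):
    """True if a --dport/--dports value includes port 22 (lists and lo:hi ranges)."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= 22 <= int(hi or lo):
            return True
    return False

def unexpected_ssh_accepts(rules_text, approved=APPROVED_SSH_SOURCES):
    """Return (source, rule) for INPUT ACCEPT rules matching tcp/22 from unapproved sources."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        ports = opts.get("--dport") or opts.get("--dports")
        if opts.get("-j") != "ACCEPT" or opts.get("-p") != "tcp" or not ports:
            continue
        if not covers_ssh(ports):
            continue
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        # Negated matches ("! -s ...") are reported for manual review, not interpreted.
        if "!" in tok or not any(src.subnet_of(net) for net in approved):
            findings.append((str(src), line))
    return findings

if __name__ == "__main__":
    for source, rule in unexpected_ssh_accepts(SAMPLE_RULES):
        print(f"unexpected SSH source {source}: {rule}")
```

Only rules that explicitly match destination port 22 are checked; broad ACCEPT rules without a port match need a separate review.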