"Key Findings:

- Multi-Vector Surveillance: We identified actors using multiple techniques to track targets by combining 3G and 4G signalling network protocols with direct device exploitation via SMS.
SIM Card Exploitation: One campaign sent a malicious SMS containing hidden SIM card commands to extract location information, attempting to turn the device into a covert tracking beacon.
- Sophisticated and Customized Tooling: Both actors used customized surveillance tooling to spoof operator identities, manipulate signalling protocols, and steer traffic through specific interconnect network paths to evade defenses and mask attribution.
- Global Network Infrastructure: The attacks leveraged identifiers and infrastructure associated with operators worldwide, including networks based in the UK, Israel, China, Thailand, Sweden, Italy, Liechtenstein, Cambodia, Mozambique, Uganda, Rwanda, Poland, Switzerland, Morocco, Namibia, Lesotho, and the self-governing Island of Jersey, demonstrating extensive global reach.
- Persistent Campaign Activity: Telemetry shared by mobile signalling security provider Cellusys reveals that operator identifiers were reused over multiple years, forming consistent clusters that enabled long-running surveillance operations.
- Weak Intercarrier Provider OPSEC: Weak screening of interconnect traffic allowed attackers to route surveillance messages through trusted operator pathways, enabling access to targeted networks."

https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/

#Surveillance #CyberSecurity #BigTelco