ANNOUNCEMENT

DEMO THE CYBEREASON DEFENSE PLATFORM

Future-Ready Cybersecurity Protection

See how Cybereason allows defenders to detect earlier and remediate faster with one lightweight agent and an array of deployment options.
Back to Newsroom

Cybereason Briefs Several U.S. House and Senate Committees on the Massive State-Sponsored Espionage Campaign Against Critical Infrastructure Telcos

Jul 29, 2019

Cybereason, creators of the leading Cyber Defense Platform, today announced it recently briefed key staff members of many U.S. House and U.S. Senate Committees on ‘Operation Soft Cell,’ an investigation into a massive, espionage campaign targeting nearly a dozen global telecommunications providers. Cybereason’s investigation discovered commercial, privately owned critical infrastructure companies are tools being used in state-sponsored espionage and cyber war.

Cybereason’s CTO and Co-founder Yonatan Striem-Amit and Amit Serper, Senior Director and Head of Security Research represented Cybereason in the briefings. Serper was one of the investigators in the nearly year long investigation. Striem-Amit and Serper met with the House Homeland Security Committee, Senate Homeland Security and Governmental Affairs Committee, Senate Select Committee on Intelligence, Senate Commerce, Science, and Transportation Committee, House Energy and Commerce Committee and the House Permanent Select Committee on Intelligence.

“The committees we met with raised questions about the likelihood of similar attacks being carried out closer to home in North America. We reiterated that we have found no evidence of this occurring to date. Operation Soft Cell is an ongoing investigation and we are finding interesting things every day. We know the hackers have specific motives and are running a highly targeted, persistent operation to own the networks and track a very targeted list of high-profile individuals on different continents,” said Striem-Amit.

Key Points from Operation Soft Cell

  • Cybereason identified an advanced, persistent attack targeting telecommunications providers that has been underway for years, soon after deploying into the environment.
  • Cybereason spotted the attack and later supported the telecommunications provider through four more waves of the advanced persistent attack over the course of 6 months.
  • Operation Soft Cell has been active since at least 2012, though some evidence suggests even earlier activity by the threat actor against telecommunications providers.

-The attack was aiming to obtain CDR records of a large telecommunications provider.

  • The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more.
  • The tools and TTPs used are commonly associated with Chinese threat actors

During the persistent attack, the attackers worked in waves- abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques.
About Cybereason
Cybereason, creators of the leading Cyber Defense Platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, powered by its cross-machine correlation engine. The Cybereason suite of products provides unmatched visibility, increases analyst efficiency and effectiveness, and reduces security risk. Cybereason is privately held, has raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Sydney, Tel Aviv and Tokyo.

Learn more: https://www.cybereason.com/

Media Contact:
Bill Keeler
Senior Director, Global Public Relations
Cybereason
bill.keeler@cybereason.com
(929) 259-3261