Global Telecom Exploitation: Covert Surveillance Campaigns Uncovered

Severity: High (Score: 65.0)

Sources: Cyberscoop, Gbhackers, www.wyden.senate.gov, citizenlab.ca, Cybersecuritynews

Summary

Recent investigations by Citizen Lab revealed two sophisticated surveillance campaigns exploiting vulnerabilities in global mobile networks, particularly through the SS7 and Diameter signaling protocols. These campaigns, attributed to unidentified commercial surveillance vendors, have been tracking individuals' locations without direct device interaction. The research indicates that the campaigns utilized access to three telecom providers: 019Mobile (Israel), Tango Networks (UK), and Airtel Jersey (Channel Islands). Despite the implementation of newer security features in Diameter, attackers have found ways to exploit both Diameter and the older SS7 protocol.

The findings highlight a systemic issue where telecom infrastructure, designed for seamless connectivity, is misused for covert surveillance. This ongoing exploitation raises significant concerns for regulators and the telecom industry regarding accountability and oversight. The report emphasizes that despite previous disclosures, such activities persist without repercussions.

Key Points:

  • Two surveillance campaigns exploiting SS7 and Diameter protocols were uncovered.
  • Access to 019Mobile, Tango Networks, and Airtel Jersey was abused for tracking individuals.
  • The exploitation of telecom vulnerabilities continues despite known risks and prior reports.

Key Entities

  • DDoS (attack_type)
  • Cambodia (country)
  • China (country)
  • Israel (country)
  • Italy (country)
  • Lesotho (country)
  • CWE-287 - Improper Authentication (cwe)
  • cst001.epc.mnc053.mcc234.3gppnetwork.org (domain)
  • dex01.epc.mnc001.mcc460.3gppnetwork.org (domain)
  • dra1.je211.epc.mnc003.mcc234.3gppnetwork.org (domain)
  • epc.mnc001.mcc460.3gppnetwork.org (domain)
  • epc.mnc019.mcc425.3gppnetwork.org (domain)
  • Telecommunications (industry)
  • 185.24.204.0 (ipv4)
  • 185.24.204.8 (ipv4)
  • T1071 - Application Layer Protocol (mitre_attack)
  • Diameter (platform)
  • SS7 (platform)