Cybereason, creators of the leading Cyber Defense Platform, today announced it recently briefed key staff members of many U.S. House and U.S. Senate Committees on ‘Operation Soft Cell, ’ an investigation into a massive, espionage campaign targeting nearly a dozen global telecommunications providers. Cybereason’s investigation discovered commercial, privately owned critical infrastructure companies are tools being used in state-sponsored espionage and cyber war.
Cybereason’s CTO and Co-founder Yonatan Striem-Amit and Amit Serper, Senior Director and Head of Security Research represented Cybereason in the briefings. Serper was one of the investigators in the nearly year long investigation. Striem-Amit and Serper met with the House Homeland Security Committee, Senate Homeland Security and Governmental Affairs Committee, Senate Select Committee on Intelligence, Senate Commerce, Science, and Transportation Committee, House Energy and Commerce Committee and the House Permanent Select Committee on Intelligence.
“The committees we met with raised questions about the likelihood of similar attacks being carried out closer to home in North America. We reiterated that we have found no evidence of this occurring to date. Operation Soft Cell is an ongoing investigation and we are finding interesting things every day. We know the hackers have specific motives and are running a highly targeted, persistent operation to own the networks and track a very targeted list of high-profile individuals on different continents,” said Striem-Amit.
Key Points from Operation Soft Cell
• Cybereason identified an advanced, persistent attack targeting telecommunications providers that has been underway for years, soon after deploying into the environment.
• Cybereason spotted the attack and later supported the telecommunications provider through four more waves of the advanced persistent attack over the course of 6 months.
• Operation Soft Cell has been active since at least 2012, though some evidence suggests even earlier activity by the threat actor against telecommunications providers.
- The attack was aiming to obtain CDR records of a large telecommunications provider.
• The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more.
• The tools and TTPs used are commonly associated with Chinese threat actors
During the persistent attack, the attackers worked in waves- abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques.
Cybereason (cybereason.com), creators of the leading Cyber Defense Platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, powered by its cross-machine correlation engine. The Cybereason suite of products provides unmatched visibility, increases analyst efficiency and effectiveness, and reduces security risk. Cybereason is privately held, has raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Sydney, Tel Aviv and Tokyo.