Recent attacks on telecommunications providers have raised ire around the globe, along with questions about who is behind them.

The attacks, likely by Chinese state actors, aimed to snatch Call Detail Records (CDRs) of specific individuals by penetrating telecommunications companies, according to an investigation by cybersecurity company Cybereason.

CDRs are critical because they can reveal pertinent details about the nature of a call. These include the source, destination, duration, physical location, who is on the other end of the call, devices used and where the individuals are traveling, according to Cybereason.


“For a nation-state threat actor, obtaining access to this data gives them intimate knowledge of any individuals they wish to target on that network,” Cybereason said in the blog post. The cybersecurity company added the attacks have been happening since at least 2017.

This kind of data is very valuable when nation-state actors target foreign intelligence agents and politicians, Cybereason added.

“Access to metadata is crucial for intelligence, as it lets you identify what you should focus on for deeper collection and analysis,” James Lewis, senior vice president at the Center for Strategic and International Studies (CSIS), told Fox News.

And that’s not all. The attackers attempted to steal all data in Active Directory, “compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more,” Cybereason said.

The attacker in this case also had the power to take over the telecommunications providers' networks and potentially shut them down or disrupt the provider’s cellular network “as part of a larger cyber warfare operation,” Cybereason continued.

Cybereason added that it's likely the attackers worked in waves, abandoning an attack when it was detected and stopped, then returning months later with new tools and techniques.

China likely culprit

Cybereason said that there is a very high probability that the “threat actor” behind these attacks “is backed by a nation state, and is affiliated with China.”

“China has a massive global espionage campaign and some Chinese actors focus more on telecom networks,” CSIS’ Lewis said. “In the past, this kind of thing was usually carried out by the Russians but China has this kind of network attack in their repertoire.”

Tom Kellermann, Chief Cybersecurity Officer for Carbon Black, told Fox News the Chinese are executing on the country's 50-year strategy. This allows them to "achieve information dominance via the colonization of western cyberspace," he said.

"The systemic theft of intellectual property is coupled with the colonization of sensitive corporate networks," Kellermann added.

Fox News has reached out to the Chinese Consulate with a request for comment.