From theregister.com
A mysterious criminal gang is targeting telcos’ Linux and Solaris boxes, because it perceives they aren’t being watched by infosec teams that have focussed their efforts on securing Windows.
Security vendor CrowdStrike claims it’s spotted the group and that it “has been consistently targeting the telecommunications sector at a global scale since at least 2016 … to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata.” The gang appears to understand telco operations well enough to surf the carrier-to-carrier links that enable mobile roaming, across borders and between carriers, to spread its payloads.
CrowdStrike principal consultant Jamie Harries and senior security researcher Dan Mayer named the group “LightBasin”, but it also goes by the handle “UNC1945”.
Whatever the group is called, the pair write that it “employs significant operational security (OPSEC) measures, primarily establishing implants across Linux and Solaris servers, with a particular focus on specific telecommunications systems, and only interacting with Windows systems as needed.”