Operation Soft Cell, a long-running espionage campaign targeting telecommunications providers, was first uncovered by Cybereason researchers in June 2019. The threat actor behind this operation is likely state-sponsored, and the intrusion set has been attributed to a Chinese cyberespionage actor on the basis of tooling overlaps. The operation's primary tactic involves infiltrating a target, gaining a foothold, then moving laterally with the aim of maintaining persistence and extracting data from strategic targets as needed. Notably, some telecommunications companies had been infiltrated for more than five years before the activity was discovered.
The Operation Soft Cell campaign has been linked to various other Chinese-aligned hacking efforts focused on telecom targets worldwide, such as the activity Microsoft tracks as Gallium, which dates back to at least 2012, and APT41, known for engaging in Chinese-linked cyberespionage as well as financially motivated activity. Despite these links, conclusive attribution remains elusive, according to SentinelLabs and QGroup researchers. The operation's primary focus has been stealing call data records, demonstrating a specialty in lurking and listening within compromised networks.
The ongoing targeting of communication infrastructure through campaigns like Operation Soft Cell should serve as a warning to carriers and service providers to bolster their defenses. This is especially pertinent given that the campaign forms part of a global effort reaching back over a decade, as highlighted by SentinelLabs' analysis of Chinese cyberespionage activity targeting telecommunications entities in the greater Middle East. These activities underscore the persistent and pervasive threat posed by advanced persistent threat (APT) actors to critical communications infrastructure.
Description last updated: 2024-10-17T12:29:32.985Z