Contact Us

Learning from cyber
espionage attacks
like Operation
Soft Cell

Author: Sue Poremba

Operation Soft Cell is a coordinated and ongoing cyber attack that has affected telecommunications companies since at least 2017, using advanced persistent threats (APT) to slowly steal data from unsuspecting victims. Security experts suspect that the attack is being used to target politicians, business executives, law enforcement and opposition candidates in political elections, among others.

SC Magazine reported in June 2019 that the campaign deployed multiwave attacks to commandeer and reconfigure targets' IT networks, setting up virtual private networks as a back door back into the network.

These sophisticated cyber espionage attacks are designed to disrupt critical telecommunications infrastructure. Operation Soft Cell highlights how nation-states are using cyber espionage techniques to steal sensitive data and cripple vital cyber resources.

What makes cyber espionage attacks different?

Most cyber attacks are designed for financial gain. Hackers want to access financial information in your networks that they can sell or use for blackmail. Cybercriminals typically use tactics such as phishing, ransomware and man-in-the-middle attacks to harvest user credentials or corporate data.

Cyber espionage attacks are also designed to gather sensitive data, but because the attacks come from nation-state actors, the end goal is intellectual property, classified information or access—stealing a piece of code for a weapons system, perhaps, or manipulating code to disable it.

A nation-state cyber espionage attack almost always deploys APTs, and it often remains in stealth mode in a network for years before it's detected. The bad actors can track the data they want; they can see how code is updated, track which projects have been discarded and monitor confidential communications between government officials. Other attacks don't provide those long-term benefits—or do that kind of long-term damage.

Cyber espionage, like other cyber attacks, has become more sophisticated over time. However, many victims didn't realize their role in geopolitical conflicts and regarded cyber espionage attacks like any other type of cyber attack for far too long. With nation-states now waging almost-constant cyberwars, cyber espionage has reached a new level of strategic value—and enterprises are paying attention.

What we've learned from Operation Soft Cell

New Statesman reported last year that Operation Soft Cell took advantage of sluggish cyber defenses weakened by the spate of telecommunications industry mergers over the past decade. The attack came in waves; if one APT was detected, the attack could perpetuate more by simply dropping that vector and moving to another. Nation-states often perform test runs for more damaging attacks to see what data or which part of a system is most vulnerable. If the first attempted hack, for example, targeted the billing files of a single telecom, the follow-up attack a year or two later could be designed to disable cellular services and Internet service providers.

One of the most important takeaways from the discovery of Operation Soft Cell is the need to shrink the attack surface by decreasing the number of systems visible to the internet. Businesses don't always know what information might be considered an asset, but as big data gains power, bad actors will continue to go after it.

Learn more about how Verizon Cybersecurity Solutions can keep your data safe.