The identity and tactics of "LightBasin," the group targeting telecommunications carriers around the world
──What kind of threat group is LightBasin?

Myers: LightBasin (also known as UNC1945) is a cluster that has been active since at least 2016 and targets the telecom industry and carriers. It is well versed in telecom industry protocols and network architecture, and uses tools customized for telecommunications carriers to wreak havoc on a global scale. By 2019, at least 13 carriers, both mobile and fixed, had been compromised.
Adam Myers, Senior Vice President, Intelligence, CrowdStrike
──What is the aim of LightBasin?

Myers: There are many cyber-attack groups whose goal is to make money by using ransomware, but that's not the case with LightBasin. They steal subscriber information from telecommunications carriers, location information of callers, SMS text information, etc. In other words, the purpose is to collect intelligence, and it seems that a state is behind it. For threat actors with sophisticated methods, there is often not enough evidence to determine attribution, and sometimes it is not known which state is behind it. In that case, we guess by tracking each activity. Given that the tools used in the attack included Chinese, we can speculate at this point that the Chinese government probably provided support, but there is no solid evidence.