The stealthy LightBasin hacking group (also known as UNC1945) is infiltrating telecommunications companies around the world in a campaign that researchers have linked to intelligence gathering and cyber espionage. LightBasin's primary focus is on Linux and Solaris servers that are critical for running telecommunications infrastructure – and are likely to have fewer security measures in place than Windows systems.
The campaign, which has been active since at least 2016, has been detailed by cybersecurity researchers at CrowdStrike, who have attributed the activity to the group they call LightBasin.
It's believed that, since 2019, the offensive hacking group has compromised at least 13 telecommunications companies with the aim of stealing information about mobile communications infrastructure, including subscriber information and call metadata – and in some cases, direct information about what data smartphone users are sending and receiving via their devices.