Telecoms firms have been warned they could be at risk from a mysterious cybercrime group that has been using much more sophisticated techniques than your average hacker.

Cyber security firm Cloudstrike identified the presence of hackers able to spy on users of telecoms providers across the world. The group uses technology developed itself to gain access to consumers’ details (such as their subscriber information and call metadata) without even needing to hack their phones directly. Instead. All this can be gleaned straight from the carrier.

According to Cloudstrike, the group has an extensive understanding of the telecoms industry and how its technology works – which may have played a significant part in why the group hasn’t been rumbled yet, despite fears that these hacks stretch back as far as 2016.

Little is known about the hackers, so much so that they are not being tracked as a distinct entity of their own. Instead, Cloudstrike is monitoring clusters of activity referred to as LightBasin; a series of similar hacks across a host of telecoms companies.

That said, Cloudstrike’s threat intelligence lead Adam Meyers did notice some parallels between LightBasin and the spyware tools available from the NSO Group.

NSO made headlines earlier in the year when its technology was found to have been used to target journalists, human rights activists and political dissidents across 50 countries.

The cyber security firm also discovered a password hidden within the code of the tracking tool: ‘wuxianpinggu507’ – Chinese for ‘wireless evaluation 507’. However, Cloudstrike urged restraint on this, pointing out that it only hints at the developer having some understanding of Chinese, and is far from being enough to point the finger of blame at Beijing.

Cloudstrike’s Adam Meyers explained the reticence to apportion blame without hard proof: “It’s important for us to be responsible in how we talk about things like this. We don’t take this lightly when we say that there’s a global campaign targeting telecoms, and it has very specialised tools meant to take advantage of mobile infrastructure.

“We don’t want to throw things out there unless we have some degree of confidence.”