A new investigation by the digital rights research group Citizen Lab has revealed how weaknesses inside global telecom infrastructure were allegedly exploited to secretly monitor mobile phone users in more than ten countries over the past three years.
The findings, reviewed by Haaretz, highlight how parts of the global mobile network system, originally developed decades before smartphones existed, continue to expose users to modern surveillance risks despite the arrival of 4G and 5G technologies.
According to the report, researchers uncovered two separate surveillance operations that appear to be linked to commercial spyware and cyber intelligence vendors selling tracking capabilities to government clients worldwide. One of the operations reportedly used telecom infrastructure connected to Israeli providers 019Mobile and Partner Communications, although both companies denied involvement.
Researchers say the operations relied on weaknesses in SS7, an older telecom signaling protocol used globally to route phone calls, text messages, and roaming traffic between mobile operators. SS7 was designed during a period when telecom networks trusted one another by default, long before today’s cybersecurity threats emerged. Security experts have warned for years that attackers can abuse the protocol to monitor phone activity, intercept communications, or identify a user’s location.
The report states that some surveillance firms were able to impersonate legitimate mobile carriers and gain access to these legacy telecom systems in order to track users internationally. A second operation was reportedly linked to Fink Telecom Services, a Swiss company previously named in a 2023 investigation by Haaretz and Lighthouse Reports involving telecom surveillance services supplied to cyber intelligence vendors, including Rayzone.
Last week, British regulators reportedly moved to ban similar telecom signaling abuse practices, describing them as a major source of malicious activity affecting mobile networks. However, the new findings suggest that even newer systems built for 4G and 5G communications are vulnerable to similar exploitation.
One example highlighted in the report is Diameter, a signaling protocol widely used in 4G roaming and many 5G environments to manage subscriber connectivity and authentication. Although Diameter was introduced with stronger security protections than SS7, researchers found that attackers are still capable of abusing the system to conduct tracking operations.
In the first campaign identified by Citizen Lab, researchers documented more than 500 location-tracking attempts between November 2022 and 2025 across countries including Thailand, Bangladesh, Norway, Malaysia, South Africa, and several African nations. The investigation reportedly began after researchers observed a Middle Eastern businessman being repeatedly tracked over a four-hour period through international telecom queries.
Citizen Lab found that telecom identifiers associated with 019Mobile were used to send location-tracking requests through infrastructure connected to Partner Communications, which supports 019Mobile’s services. Another network route reportedly passed through Exelera Telecom, a communications and cloud services provider that also manages international fiber-optic infrastructure. Exelera did not publicly respond to requests for comment.
019Mobile’s head of security denied involvement and stated that the company operates as a virtual provider using another carrier’s infrastructure rather than maintaining its own roaming agreements. Researchers noted that attackers may have forged the company’s telecom identity to access the network.
Although Citizen Lab did not publicly identify the companies behind the operations, the report referenced several possible actors, including Cognyte. Internal files reviewed by Haa
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: