Citizen Lab researchers have identified two separate espionage operations exploiting known vulnerabilities in SS7 and Diameter protocols to track individuals across 2G, 3G, 4G, and 5G networks.
Security researchers at Citizen Lab have documented two distinct spying campaigns that leverage weaknesses in fundamental telecommunications infrastructure to conduct surveillance and location tracking.
The attacks target SS7 and Diameter protocols—core systems that underpin global mobile networks. SS7 has been exploited for years by both state actors and criminal groups, while Diameter vulnerabilities represent a newer attack vector affecting 4G and 5G infrastructure.
These protocols handle critical functions including call routing, messaging, and authentication across carriers worldwide. Their weaknesses allow attackers to intercept communications and pinpoint targets' locations without requiring access to devices or carrier cooperation.
The dual campaigns signal that sophisticated threat actors continue to abuse these known flaws despite years of public disclosure. The ability to track individuals across multiple network generations—from older 2G infrastructure to cutting-edge 5G—demonstrates that network security gaps persist across the entire mobile ecosystem.
Telecommunications carriers have struggled to fully patch these vulnerabilities. Widespread remediation requires significant infrastructure upgrades, and many operators have deprioritized fixes due to costs and technical complexity. Legacy systems running 2G and 3G networks remain particularly exposed.
The findings underscore a fundamental challenge in mobile security: the protocols connecting carriers internationally were designed with minimal security considerations decades ago. Retrofitting protections onto this aging infrastructure has proven difficult and incomplete.
Citizen Lab's research joins mounting evidence that location tracking via telecom vulnerabilities represents an ongoing threat to journalists, activists, and other high-value targets. The group previously documented similar campaigns by government-linked actors exploiting these same weaknesses.
Mobile network operators and regulators face pressure to accelerate security upgrades, though the global scope of telecommunications infrastructure makes coordinated improvements difficult to implement.
Zoom has disclosed a critical vulnerability affecting its Windows desktop client and SDK that allows unauthenticated attackers to hijack user accounts. The company has released patches to address the security issue.
A hacker accessed Suno's source code, revealing details about how the AI music platform scraped millions of songs. Suno confirmed a November breach but stated no sensitive personal data was compromised.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.