Surveillance Campaigns Exploit Long-Known SS7 Telecom Vulnerabilities

25 Apr 2026

PrivacyResearchTechnologyThreatsCambodiaChinaCitizen LabFederal Communications CommissionIsraelItalyLiechtensteinMoroccoMozambiqueNamibiaPolandRon DeibertRon WydenRwandaspywaress7SS7 ProtocolsurveillanceSwedenSwitzerlandtelecommunicationsThailandUnited Kingdom (U.K.)

Researchers reported the first-ever mapping of attack traffic targeting mobile operator signaling infrastructure, exploiting long-known vulnerabilities in the SS7 telecom protocol. Commercial surveillance tools were used in these campaigns, though specific vendors or threat actors were not named. The surveillance activities impacted multiple countries, including Cambodia, China, Morocco, Mozambique, Namibia, Poland, Rwanda, Sweden, Switzerland, Thailand, and the United Kingdom. The research was conducted by Citizen Lab, with contributions from experts like Ron Deibert and U.S. Senator Ron Wyden. No specific technical details, such as CVE IDs or exact attack timelines, were provided. The findings highlight persistent risks in telecom security due to unpatched SS7 flaws.