Accountability, Information Security, Malware and Telecommunications

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe.

Government

Government Malware Telecommunications Cybercrime

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware

Malware Encryption Telecommunications Authentication

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. This circumstance suggests that the threat actor is reusing existing source code to create new malware. ” reads the analysis published by Unit 42. org over port 8443 for C2. While investigating the yrhsywu2009.zapto[.]org

Malware

Malware Telecommunications Government VPN

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe.

Government

Government Malware Telecommunications Cybercrime

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals. The telco notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. 

Data breaches

Data breaches Telecommunications Banking Mobile

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach exposing customers’ account’s information. The T-Mobile security staff discovered “malicious, unauthorized access” to their systems. T-Mobile discovered that the attackers had access to the CPNI (Customer Proprietary Network Information).

Data breaches

Data breaches Mobile Telecommunications Wireless

Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate

Security Affairs

JANUARY 2, 2022

The Lapsus$ ransomware group defaced all the sites publishing a ransom note that claims that they had access to Impresa’s Amazon Web Services account. The gang also targeted the South American telecommunication providers Claro and Embratel. Source TheRecord. At this time the websites of the company are in maintenance mode.

Media

Media Ransomware Telecommunications Accountability

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile

Mobile Telecommunications Data breaches Identity Theft

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Educate your employees on threats and risks such as phishing and malware. Accounting for humans.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by the group since 2019. The group hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. ” concludes the report.

Banking

Banking Telecommunications System Administration Hacking

What to do if your company was mentioned on Darknet?

SecureList

DECEMBER 12, 2023

To find out, in 2022 we created a list of 700 companies worldwide from different industries: industrial, telecommunication, financial, retail, and others. According to the source of origin, we divide all compromised accounts into three categories: Public leakages that are freely distributed within cybercriminal society.

Data breaches

Data breaches Accountability Telecommunications Malware

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Phishing

Phishing Education Accountability Telecommunications

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass.

Government

Government Telecommunications Accountability Phishing

Nobelium APT targets French orgs, French ANSSI agency warns

Security Affairs

DECEMBER 6, 2021

The NOBELIUM APT ( APT29 , Cozy Bear , and The Dukes) is the threat actor that conducted supply chain attack against SolarWinds, which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors. ” reads the report published by ANSSI.

Phishing

Phishing Telecommunications Government Accountability

Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

Security Affairs

MARCH 26, 2023

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days CISA announced the Pre-Ransomware Notifications initiative China-linked hackers target telecommunication providers in the Middle East City of Toronto is one of the victims hacked by Clop gang using GoAnywhere (..)

Data breaches

Data breaches DDOS Backups Ransomware

Police dismantled a gang that used phishing sites to steal credit cards

Security Affairs

FEBRUARY 22, 2022

Once obtained the data, crooks used it to empty their victims’ bank accounts. “Users entered bank card details on phishing sites in order to top up their mobile account or make a transfer. Thus, the attacker received payment information from more than 70 thousand people. 190 (Fraud) of the Criminal Code of Ukraine.

Phishing

Phishing Banking Mobile Telecommunications

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Security Affairs

MAY 21, 2020

The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. The APT group targets telecommunication and travel industries in the Middle East to gather intelligence on Iran’s geopolitical interests.

Government

Government Social Engineering Telecommunications Hacking

Unprecedented cyber attack hit State Infrastructure of Montenegro

Security Affairs

AUGUST 27, 2022

“Certain services were switched off temporarily for security reasons but the security of accounts belonging to citizens and companies and their data have not been jeopardised,” said Public Administration Minister Maras Dukaj. Montenegro immediately reported the attack to other members of the NATO alliance.

Cyber Attacks

Cyber Attacks Government Telecommunications Malware

G7 calls on Russia to dismantle operations of ransomware gangs within its borders

Security Affairs

JUNE 14, 2021

We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions,” reads the statement.

Ransomware

Ransomware Cybercrime Telecommunications Accountability

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

Security Affairs

MAY 28, 2021

The NOBELIUM APT is the threat actor that conducted supply chain attack against SolarWinds which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors. “On May 25, the NOBELIUM campaign escalated significantly.

Phishing

Phishing Threat Detection Telecommunications Malware

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

Once obtained the credentials, an attacker can add an administrator account and use it to obtain full access to the device and perform actions such as watching live footage from the camera as shown below. “This information could aid in reconnaissance conducted prior to launching a cyberattack. ” concludes Nozomi.

Surveillance

Surveillance Authentication Telecommunications Manufacturing

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 24, 2023

Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5

Cyber Attacks

Cyber Attacks Firewall Data breaches Telecommunications

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

The activity of the Lyceum APT group was first documents earlier of August by researchers at ICS security firm Dragos that tracked it as Hexane. Security experts at Dragos Inc. reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. Another tool used by the group is kl.

DNS

DNS Passwords Penetration Testing Social Engineering

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. The mail account hostmaster@urlblocked.pw, published as contact details in DNS, bounces all incoming mails.

Internet

Internet Internet Telecommunications DNS

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

The following image shows a landing page to trick Italian users into installing one of the following apps in order to recover their accounts. and Tykelab Srl, the latter is a telecommunications solutions company suspected to be operating as a front company.

Surveillance

Surveillance Mobile Spyware Telecommunications

UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit

Security Affairs

NOVEMBER 3, 2020

The UNC1945 group carried out attacks aimed at telecommunications companies and leveraged third-party networks to target specific financial and professional consulting industries. According to the experts, the attackers also used an exploit for a recently addressed zero-day vulnerability( CVE-2020-14871 ) in Oracle Solaris.

Authentication

Authentication Telecommunications Advertising Internet

FBI is helping Montenegro in investigating the ongoing cyberattack

Security Affairs

SEPTEMBER 1, 2022

Certain services were switched off temporarily for security reasons but the security of accounts belonging to citizens and companies and their data have not been jeopardised,” said Public Administration Minister Maras Dukaj. The National Security Agency issued a warning to organizations operating critical infrastructure.

Government

Government Cyber Attacks Telecommunications Malware

The U.S. FCC considers Huawei and ZTE as national security threats

Security Affairs

JULY 1, 2020

Federal Communications Commission (FCC) announced that Chinese telecommunications giants Huawei and ZTE are considered as national security threats. regulators declared Huawei and ZTE to be national security threats. Last week China accused the US government of “oppressing Chinese companies” after U.S.

Government

Government Telecommunications Internet Internet

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Security Boulevard

MARCH 24, 2022

On March 15th, research firm ESET reported a new data-wiping malware targeting Ukraine named CaddyWiper. [ 1 ] The malware “destroys user data and partitions information from attached drives”. The German Federal Office for Information Security (BSI) issued a warning about the use of Kaspersky products. [

Ransomware

Ransomware Malware Government Antivirus

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078).

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. Pierluigi Paganini.

Malware

Malware VPN Telecommunications Accountability

Iran-Linked APT TA450 embeds malicious links in PDF attachments

Security Affairs

MARCH 25, 2024

sender account. Proofpoint attributes this campaign to TA450 based on the observation of tactics, techniques, and procedures associated with the cyberespionage group, campaign targeting, and malware employed in the attack. For example, this campaign used an email account of salary[@]<compromisedorg>co[.]il,

Phishing

Phishing Social Engineering Telecommunications Accountability

New ransomware trends in 2023

SecureList

MAY 11, 2023

Security researchers discovered an archive that contained test builds of the malware for a number of less common platforms, including macOS and FreeBSD, as well as for various non-standard processor architectures, such as MIPS and SPARC. Meanwhile, the malware itself evolved, adding an LDAP-based self-spreading mechanism.

Ransomware

Ransomware Malware Architecture Telecommunications

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

Cyber threat management , being an advanced discipline, craves analytical attention and a commander’s strategic skills of information security executives to confront and overcome the multi-dimensional cyber threats. You will create cyber awareness among your staff, as well as users, partners, customers.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data

Security Affairs

FEBRUARY 13, 2021

On the basis that they are a Cybersecurity company, the most plausible explanation is that a legitimate user account or an automated source code commit user (non-human user, system or application user) account was compromised. Potential user account compromise.

Cybersecurity

Cybersecurity Accountability Marketing Software

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work. The telecommunications sector: Are providers ready for 5G? If they manage to compromise a telecommunications company, they can then also compromise its customers for surveillance or sabotage purposes.

Banking

Banking Telecommunications Marketing Internet

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

Botmasters and account resellers are tasked with providing initial access inside the victim’s network. Well-known malware families are involved in the biggest and most wide-reaching campaigns. When malware operators work with partners, they avoid using the malware in the jurisdiction where they are based.

Ransomware

Ransomware Encryption Malware Cybercrime

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Security Affairs

MAY 5, 2024

. “The Federal Government’s national attribution procedure regarding this campaign has concluded that, for a relatively long period, the cyber actor APT28 used a critical vulnerability in Microsoft Outlook that remained unidentified at the time to compromise numerous email accounts.”

Government

Government Accountability Cyber Attacks Telecommunications

Russian APT Nomadic Octopus hacked Tajikistani carrier

Security Affairs

MAY 1, 2023

Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government officials, telecommunication services, and public service infrastructures. They sometimes inadvertently caused permission pop-ups on the victim systems.

Hacking

Hacking Telecommunications Government Firewall

Iran announced to have foiled a second cyber-attack in a week

Security Affairs

DECEMBER 15, 2019

Iran telecommunications minister announced that for the second time in a week Iran has foiled a cyber attack against its infrastructure. Iran has foiled a new cyber-attack, the country’s telecommunications minister Mohammad Javad Azari- Jahromi says. ” reported the BBC. ” reported the BBC.

Cyber Attacks

Cyber Attacks Telecommunications Government Advertising

Group-IB Hi-Tech Crime Trends 2020/2021 report

Security Affairs

NOVEMBER 25, 2020

Group-IB’s report Hi-Tech Crime Trends 2020/2021 examines various aspects of cybercrime industry operations and predicts changes to the threat landscape for various sectors, namely the financial industry, telecommunications, retail, manufacturing, and the energy sector. downloaders), and new types of botnets (brute-force botnets).

Banking

Banking Ransomware Phishing Marketing

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Raspberry Robin malware used in attacks against Telecom and Governments

Webinars

Trending Sources

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Webinars

Earth Lusca expands its arsenal with SprySOCKS Linux malware

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Raspberry Robin malware used in attacks against Telecom and Governments

230K individuals impacted by a data breach suffered by Telco provider Tangerine

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate

T-Mobile customers were hit with SIM swapping attacks

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Caketap, a new Unix rootkit used to siphon ATM banking data

What to do if your company was mentioned on Darknet?

Google TAG warns of Russia-linked APT groups targeting Ukraine

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Nobelium APT targets French orgs, French ANSSI agency warns

Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

Police dismantled a gang that used phishing sites to steal credit cards

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Unprecedented cyber attack hit State Infrastructure of Montenegro

G7 calls on Russia to dismantle operations of ransomware gangs within its borders

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

Lyceum APT made the headlines with attacks in Middle East

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit

FBI is helping Montenegro in investigating the ongoing cyberattack

The U.S. FCC considers Huawei and ZTE as national security threats

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

OilRig APT group: the evolution of attack techniques over time

Nobelium continues to target organizations worldwide with custom malware

Iran-Linked APT TA450 embeds malicious links in PDF attachments

New ransomware trends in 2023

Cyber Security Awareness and Risk Management

The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data

Group-IB presents its annual report on global threats to stability in cyberspace

Ransomware world in 2021: who, how and why

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Russian APT Nomadic Octopus hacked Tajikistani carrier

Iran announced to have foiled a second cyber-attack in a week

Group-IB Hi-Tech Crime Trends 2020/2021 report

Stay Connected