Accountability, Information Security and Telecommunications

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information

The Hacker News

OCTOBER 5, 2022

Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region, said.

Data breaches

Data breaches Telecommunications Accountability Information Security

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals. The telco notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. 

Data breaches

Data breaches Telecommunications Banking Mobile

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

AT&T confirmed that a data breach impacted 73 million customers

Security Affairs

MARCH 30, 2024

AT&T initially denied any data breach, below is the statement from the telecomunication giant : “Based on our investigation Thursday, the information that appeared in an internet chat room does not appear to have come from our systems,” On Saturday, the telecommunications company retracted its initial denial and confirmed the data breach.

Data breaches

Data breaches Telecommunications Cybercrime Hacking

Sprint revealed that hackers compromised some customer accounts via Samsung site

Security Affairs

JULY 16, 2019

US telecommunications company Sprint revealed that hackers compromised an unknown number of customer accounts via the Samsung.com “add a line” website. “On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com “add a line” website.”

Accountability

Accountability Identity Theft Telecommunications Data breaches

Telstra Telecom discloses data breach impacting former and current employees

Security Affairs

OCTOBER 5, 2022

Bad news for the Australian telecommunications industry, the largest company in the country Telstra suffered a data breach. Australia’s largest telecommunications company Telstra disclosed a data breach through a third-party supplier. It seems that the security breach also impacted other companies.

Data breaches

Data breaches Telecommunications Accountability Information Security

AT&T states that the data breach impacted 51 million former and current customers

Security Affairs

APRIL 10, 2024

AT&T initially denied any data breach, below is the statement from the telecomunication giant : “Based on our investigation Thursday, the information that appeared in an internet chat room does not appear to have come from our systems,” Later, the telecommunications company retracted its initial denial and confirmed the data breach.

Data breaches

Data breaches Telecommunications Identity Theft Hacking

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach exposing customers’ account’s information. The T-Mobile security staff discovered “malicious, unauthorized access” to their systems. T-Mobile discovered that the attackers had access to the CPNI (Customer Proprietary Network Information).

Data breaches

Data breaches Mobile Telecommunications Wireless

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities. Enable 2FA on all externally exposed accounts.

Media

Media Accountability Telecommunications Government

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile

Mobile Telecommunications Data breaches Identity Theft

Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate

Security Affairs

JANUARY 2, 2022

The Lapsus$ ransomware group defaced all the sites publishing a ransom note that claims that they had access to Impresa’s Amazon Web Services account. The gang also targeted the South American telecommunication providers Claro and Embratel. Source TheRecord. At this time the websites of the company are in maintenance mode.

Media

Media Ransomware Telecommunications Accountability

Hackers gained access to T-Mobile customers and employee personal info

Security Affairs

MARCH 5, 2020

A data breach notification published by the telecommunications giant on its website revealed that the security breach impacted both employees and customers. T-Mobile confirmed that some of these accounts accessed by the hackers contained account information for its customers and employees.

Mobile

Mobile Data breaches Telecommunications Wireless

AT&T is notifying millions of customers of data breach after a third-party vendor hack

Security Affairs

MARCH 10, 2023

AT&T is notifying millions of customers that some of their information was exposed after a third-party vendor was hacked. CPNI is information related to the telecommunications services purchased by the customers, including the number of lines for each account or the wireless plan to which customers are subscribed.

Data breaches

Data breaches Hacking Wireless Telecommunications

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers.

Telecommunications

Telecommunications Authentication Passwords Accountability

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

Security Affairs

JULY 10, 2021

Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers. Mint Mobile is an American telecommunications company which sells mobile phone services and operates as an MVNO on T-Mobile’s cellular network in the United States.

Mobile

Mobile Data breaches Telecommunications Passwords

T-Mobile data breach has impacted 48.6 million customers

Security Affairs

AUGUST 18, 2021

million current postpaid customer accounts, as well as more than 40 million records of former and prospective customers. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.” Pierluigi Paganini.

Data breaches

Data breaches Mobile Telecommunications Wireless

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Accounting for humans. Each of these organizations performs cyber operations for various reasons.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

Hundreds of network operators’ credentials found circulating in Dark Web

Security Affairs

JANUARY 30, 2024

As an example of compromised accounts, Resecurity outlined exposed access credentials belonging to a major data center and one of the largest vendors providing international-scale network telephony connectivity to governmental and national telecom providers in Africa.

Engineering

Engineering Passwords Telecommunications Accountability

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe.

Government

Government Malware Telecommunications Cybercrime

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Security Affairs

JANUARY 5, 2024

The Ukrainian telecommunications company provides communication services and data transmission based on a broad range of fixed and mobile technologies, including 4G (LTE) in Ukraine. In December, Kyivstar , the largest Ukraine service provider went down after a major cyber attack. The SBU helped Kyivstar in recovering from the cyber attack.

Mobile

Mobile Telecommunications Cyber Attacks Internet

What to do if your company was mentioned on Darknet?

SecureList

DECEMBER 12, 2023

To find out, in 2022 we created a list of 700 companies worldwide from different industries: industrial, telecommunication, financial, retail, and others. According to the source of origin, we divide all compromised accounts into three categories: Public leakages that are freely distributed within cybercriminal society.

Data breaches

Data breaches Accountability Telecommunications Malware

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. “Alloy Taurus remains an active threat to telecommunications, finance and government organizations across Southeast Asia, Europe and Africa,” Unit 42 concludes.

Malware

Malware Telecommunications Government VPN

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by the group since 2019. The group hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. ” concludes the report.

Banking

Banking Telecommunications System Administration Hacking

Police dismantled a gang that used phishing sites to steal credit cards

Security Affairs

FEBRUARY 22, 2022

Once obtained the data, crooks used it to empty their victims’ bank accounts. “Users entered bank card details on phishing sites in order to top up their mobile account or make a transfer. Thus, the attacker received payment information from more than 70 thousand people. 190 (Fraud) of the Criminal Code of Ukraine.

Phishing

Phishing Banking Mobile Telecommunications

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

ANSSI observed at least three attack techniques employed by APT28 in the attacks against French organizations: searching for zero-day vulnerabilities [T1212, T1587.004]; compromise of routers and personal email accounts [T1584.005, T1586.002]; the use of open source tools and online services [T1588.002, T1583.006].

Government

Government Telecommunications Accountability Phishing

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe.

Government

Government Malware Telecommunications Cybercrime

G7 calls on Russia to dismantle operations of ransomware gangs within its borders

Security Affairs

JUNE 14, 2021

We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions,” reads the statement.

Ransomware

Ransomware Cybercrime Telecommunications Accountability

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

Once obtained the credentials, an attacker can add an administrator account and use it to obtain full access to the device and perform actions such as watching live footage from the camera as shown below. “This information could aid in reconnaissance conducted prior to launching a cyberattack. ” concludes Nozomi.

Surveillance

Surveillance Authentication Telecommunications Manufacturing

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

. “The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” Use a variation of unique passwords to access online accounts.

Mobile

Mobile Cryptocurrency Authentication Accountability

Microsoft Exchange ProxyToken flaw can allow attackers to read your emails

Security Affairs

AUGUST 31, 2021

ProxyToken is a serious vulnerability in Microsoft Exchange Server that could allow unauthentication attackers to access emails from a target account. The issue could be exploited by an unauthenticated attacker to access emails from a target account. An attacker can leverage this vulnerability to disclose information from the server.”

Authentication

Authentication Telecommunications Accountability Information Security

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

The list of targets includes multiple Fortune 500 companies operating in various industry sectors, such as: Global government and military departments National telecommunications companies Defense contractors Technology firms Banking, finance, and accounting institutions Worldwide consulting services Aerospace, aviation, and engineering entities After (..)

VPN

VPN Malware Authentication Small Business

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Phishing

Phishing Education Accountability Telecommunications

19-Year-Old man arrested for misusing leaked record from Optus Breach

Security Affairs

OCTOBER 6, 2022

.” The arrest is the result of Operation Guardian led by AFP which became aware of a number of text messages demanding some Optus customers transfer $2000 to a bank account or face their personal information being used for financial crimes. The database belonging to the company was leaked on a cybercrime forum.

Data breaches

Data breaches Scams Telecommunications Financial Services

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

The group also relies on valid accounts and leverage strong operational security, which combined, allows for long-term undiscovered persistence. Wray confirmed that Volt Typhoon’s campaign is still ongoing and breached numerous American companies in telecommunications, energy, water and other critical sectors.

Energy and Utilities

Energy and Utilities Telecommunications Technology VPN

Nobelium APT targets French orgs, French ANSSI agency warns

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. “ANSSI has observed a number of phishing campaigns directed against French entities since February 2021. .

Phishing

Phishing Telecommunications Government Accountability

Major IPS in New Zealand hit by massive DDoS, Internet outages reported

Security Affairs

SEPTEMBER 5, 2021

Vocus provides retail, wholesale and corporate telecommunications services across Australia and New Zealand. Please contact your account manager if you are unable to connect.” A massive DDoS hit Vocus ISP, New Zealand ‘s third-largest internet operator, isolating parts of the country from the Internet.

DDOS

DDOS Internet Internet Telecommunications

T-Mobile confirms Lapsus$ had access its systems

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. The telecom company says no customer or government information was compromised, despite the images shared in the chats show the gang gaining access to the internal “Atlas” system, along to Slack and Bitbucket accounts.

Mobile

Mobile VPN Social Engineering Telecommunications

T-Mobile discloses data breach affecting prepaid wireless customers

Security Affairs

NOVEMBER 22, 2019

The US branch of the telecommunications giant T -Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. The cybersecurity team at T-Mobile discovered an unauthorized access to information associated with a limited number of its prepaid wireless account customers.

Wireless

Wireless Data breaches Mobile Telecommunications

Crooks use math symbols to evade anti-phishing solutions

Security Affairs

OCTOBER 13, 2021

The experts analyzed the case of a campaign targeting the customers of the telecommunication giant Verizon, attackers used a square root symbol, a logical NOR operator, or the checkmark symbol itself. The trick adopted by the crooks aims at creating a sort of optical interference that could allow bypassing anti-spam solutions.

Phishing

Phishing Telecommunications Accountability Marketing

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Security Affairs

MAY 21, 2020

The APT group targets telecommunication and travel industries in the Middle East to gather intelligence on Iran’s geopolitical interests. The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals.

Government

Government Social Engineering Telecommunications Hacking

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

Security Affairs

MARCH 22, 2022

. “We will provide updates as more information becomes available.” ” Todd McKinnon, CEO at Okta, confirmed that in late January 2022, the company detected an attempt to compromise the account of a third party customer support engineer working for one of its subprocessors.

Telecommunications

Telecommunications Data breaches VPN Hacking

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The experts reported that the group exfiltrates documents from target systems and attempts to steal email account credentials. “The name of the loader’s process is set to “kworker/0:22” by the prctl command.

Malware

Malware Encryption Telecommunications Authentication

Information risk and security for professional services

Notice Bored

APRIL 20, 2022

I am currently drafting a guideline on information security, privacy, governance, compliance and other controls to mitigate unacceptable information risks in professional services. Small, immature organisations may not have that luxury, and hence may have little option but to accept whatever the counterparty suggests/requires.

Risk

Risk Energy and Utilities Computers and Electronics Telecommunications

Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

Security Affairs

MARCH 26, 2023

NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days CISA announced the Pre-Ransomware Notifications initiative China-linked hackers target telecommunication providers in the Middle East City of Toronto is one of the victims hacked by Clop gang using GoAnywhere (..)

Data breaches

Data breaches DDOS Backups Ransomware

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information

Webinars

Trending Sources

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Webinars

AT&T confirmed that a data breach impacted 73 million customers

Sprint revealed that hackers compromised some customer accounts via Samsung site

Telstra Telecom discloses data breach impacting former and current employees

AT&T states that the data breach impacted 51 million former and current customers

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

T-Mobile customers were hit with SIM swapping attacks

Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate

Hackers gained access to T-Mobile customers and employee personal info

AT&T is notifying millions of customers of data breach after a third-party vendor hack

China-linked threat actors have breached telcos and network service providers

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

T-Mobile data breach has impacted 48.6 million customers

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Hundreds of network operators’ credentials found circulating in Dark Web

Raspberry Robin malware used in attacks against Telecom and Governments

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

What to do if your company was mentioned on Darknet?

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Caketap, a new Unix rootkit used to siphon ATM banking data

Police dismantled a gang that used phishing sites to steal credit cards

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Raspberry Robin malware used in attacks against Telecom and Governments

G7 calls on Russia to dismantle operations of ransomware gangs within its borders

A flaw in Dahua IP Cameras allows full take over of the devices

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Microsoft Exchange ProxyToken flaw can allow attackers to read your emails

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Google TAG warns of Russia-linked APT groups targeting Ukraine

19-Year-Old man arrested for misusing leaked record from Optus Breach

FBI chief says China is preparing to attack US critical infrastructure

Nobelium APT targets French orgs, French ANSSI agency warns

Major IPS in New Zealand hit by massive DDoS, Internet outages reported

T-Mobile confirms Lapsus$ had access its systems

T-Mobile discloses data breach affecting prepaid wireless customers

Crooks use math symbols to evade anti-phishing solutions

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Information risk and security for professional services

Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

Stay Connected