Hacking, Information Security, Telecommunications and VPN

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. According to public sources, the threat actors targeted ICS of at least 11 Ukrainian telecommunications providers leading to the disruption of their services. “Note (!) ” reads the advisory.

Telecommunications

Telecommunications Authentication Data collection Passwords

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. ” Sliver is a post-exploitation framework that is gaining notoriety in the hacking underground as an alternative to the Cobalt Strike framework. ” concludes the report.

VPN

VPN Malware Authentication Small Business

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.

VPN

VPN Authentication Small Business Telecommunications

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Lapsus$ gang claims to have hacked Microsoft source code repositories

Security Affairs

MARCH 21, 2022

Microsoft is investigating claims that the Lapsus$ hacking group breached its internal Azure DevOps source code repositories. Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. SecurityAffairs – hacking, Microsoft). Pierluigi Paganini.

Hacking

Hacking Telecommunications InfoSec Cybercrime

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

Nation-state actors, allegedly Russia-linked hacked, have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic.

Software

Software Hacking Telecommunications Government

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources. The experts noticed that the infection chain was distinct, with 99% of infections originating in Turkey, primarily from two major telecommunications providers.

Malware

Malware DNS Authentication Telecommunications

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. Alloy Taurus is known for leveraging the SoftEther VPN service to facilitate access and maintain persistence to their targeted network.

Malware

Malware Telecommunications Government VPN

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

Security Affairs

MARCH 22, 2022

The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack. Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. SecurityAffairs – hacking, BazarLoader). Pierluigi Paganini.

Telecommunications

Telecommunications Data breaches VPN Hacking

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities

Energy and Utilities Telecommunications Technology VPN

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

Security Affairs

MARCH 11, 2022

Their scope of interests include – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted. Pierluigi Paganini.

Ransomware

Ransomware Telecommunications Technology VPN

T-Mobile confirms Lapsus$ had access its systems

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN).”

Mobile

Mobile VPN Social Engineering Telecommunications

Social media partially disrupted in Cuba amid anti-government protests

Security Affairs

JULY 13, 2021

AS27725) including Cubacel, the cellular network operated by Cuba’s sole telecommunications company.” VPN services have yet to be blocked in the country, allowing citizens to bypass internet censorship. SecurityAffairs – hacking, Cuba). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Media

Media Government Internet Internet

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Security Affairs

MARCH 22, 2022

The Lapsus$ extortion group claims to have hacked Microsoft ‘s internal Azure DevOps server and leaked the source code for some projects. Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. SecurityAffairs – hacking, Microsoft). Pierluigi Paganini.

Cybercrime

Cybercrime Telecommunications VPN Hacking

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers.

Telecommunications

Telecommunications Authentication Passwords Accountability

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization. SecurityAffairs – hacking, IKEA). The post Ukrainian police arrested Ransomware gang behind attacks on 50 companies appeared first on Security Affairs.

Ransomware

Ransomware DDOS Telecommunications Malware

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. SecurityAffairs – GALLIUM, hacking). Pierluigi Paganini.

Telecommunications

Telecommunications DNS Malware Advertising

What to do if your company was mentioned on Darknet?

SecureList

DECEMBER 12, 2023

Every year is abundant with major data leaks, biggest data breaches and hacks drawing massive media attention (such as Medibank and Optus data breach, Twitter data breach, and Uber and Rockstar compromise in 2022 and in T-Mobile , MailChimp and OpenAI in 2023). But are we really conscious of the true scale of the threat?

Data breaches

Data breaches Accountability Telecommunications Malware

Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

Security Affairs

FEBRUARY 2, 2020

Russia’s telecommunications watchdog Roskomnadzor has instituted administrative proceedings against Facebook and Twitter after they refused to store data of Russian users on servers located in the country. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Telecommunications

Telecommunications VPN Advertising Government

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. SecurityAffairs – Fox Kitten campaign, VPN ).

VPN

VPN Telecommunications Advertising Hacking

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

Microsoft confirmed that Lapsus$ extortion group has hacked one of its employees to access and steal the source code of some projects. Microsoft confirmed that Lapsus$ extortion group has hacked one of its employees to access and steal the source code of some projects. SecurityAffairs – hacking, Microsoft). Pierluigi Paganini.

Accountability

Accountability VPN Social Engineering Hacking

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. SecurityAffairs – hacking, NOBELIUM). The Nobelium cyberspies is using a new custom downloader tracked by the researchers as CEELOADER.

Malware

Malware VPN Telecommunications Accountability

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

Hackers who are on the lookout for publicly disclosed vulnerabilities (1-days) in internet facing software, such as VPN appliances or email gateways. There is, of course, a documented porosity between the ransomware ecosystem and other cybercrime domains such as carding or point-of-sale (PoS) hacking. Access sellers.

Ransomware

Ransomware Encryption Malware Cybercrime

Group-IB Hi-Tech Crime Trends 2020/2021 report

Security Affairs

NOVEMBER 25, 2020

Group-IB’s report Hi-Tech Crime Trends 2020/2021 examines various aspects of cybercrime industry operations and predicts changes to the threat landscape for various sectors, namely the financial industry, telecommunications, retail, manufacturing, and the energy sector. SecurityAffairs – hacking, crime trends). Pierluigi Paganini.

Banking

Banking Ransomware Phishing Marketing

Cyber Security Informer

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Webinars

Trending Sources

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Webinars

Lapsus$ gang claims to have hacked Microsoft source code repositories

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Cuttlefish malware targets enterprise-grade SOHO routers

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

FBI chief says China is preparing to attack US critical infrastructure

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

T-Mobile confirms Lapsus$ had access its systems

Social media partially disrupted in Cuba amid anti-government protests

Lapsus$ extortion gang leaked the source code for some Microsoft projects

China-linked threat actors have breached telcos and network service providers

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

GALLIUM Threat Group targets global telcos, Microsoft warns

What to do if your company was mentioned on Darknet?

Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Nobelium continues to target organizations worldwide with custom malware

Ransomware world in 2021: who, how and why

Group-IB Hi-Tech Crime Trends 2020/2021 report

Stay Connected