Hacking, Malware and Telecommunications

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Security Affairs

APRIL 28, 2025

Earth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion techniques.

Telecommunications

Telecommunications Government Malware Hacking

Video: Salt Typhoon Hacks Major Telecom Giants Using Malware

eSecurity Planet

DECEMBER 4, 2024

In this video, we delve into the world of cybercrime with our feature on the Salt Typhoon incident, where hackers successfully breached major telecommunications companies. The post Video: Salt Typhoon Hacks Major Telecom Giants Using Malware appeared first on eSecurity Planet.

Hacking

Hacking Malware Telecommunications Cybercrime

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. Do NOT conduct CFPB work using mobile voice calls or text messages,” reads the email sent to the employees referencing a recent government statement acknowledging the telecommunications infrastructure attack.

Hacking

Hacking Internet Internet Government

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. SecurityAffairs – hacking, RAT).

Telecommunications

Telecommunications Malware Media Passwords

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malware Phishing Telecommunications Retail

Hacked by Police

Schneier on Security

JULY 3, 2020

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Lots of details about the hack in the article.

Hacking

Hacking Telecommunications Encryption Firewall

Cell Networks Hacked by (Probable) Nation-State Attackers

Schneier on Security

JULY 9, 2019

Their goal, the researchers believe, is to obtain and download rolling records on the target from the cell provider's database without having to deploy malware on each target's device. [.]. The attack was aiming to obtain CDR records of a large telecommunications provider.

Hacking

Hacking Telecommunications Malware Passwords

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Security Affairs

JUNE 4, 2024

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications.

Telecommunications

Telecommunications Hacking Data breaches Cybercrime

Technical Report of the Bezos Phone Hack

Schneier on Security

JANUARY 24, 2020

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it.

Hacking

Hacking Backups Spyware Encryption

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. According to public sources, the threat actors targeted ICS of at least 11 Ukrainian telecommunications providers leading to the disruption of their services. ” reads the advisory.

Telecommunications

Telecommunications Authentication Data collection Passwords

FBI Shuts Down Chinese Botnet

Schneier on Security

SEPTEMBER 19, 2024

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives.

Telecommunications

Telecommunications Media Malware Internet

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, ransomware)

Ransomware

Ransomware Telecommunications Healthcare Insurance

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

The Hacker News

NOVEMBER 26, 2024

The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies.

Hacking

Hacking Telecommunications Malware

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 17, 2024

Agency Warns Employees About Phone Use Amid Ongoing China Hack APT Actors Embed Malware within macOS Flutter Applications The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat Iranian “Dream Job” Campaign 11.24

Cryptocurrency

Cryptocurrency Malware Hacking Ransomware

US Cyber Command and Microsoft Are Both Disrupting TrickBot

Schneier on Security

OCTOBER 15, 2020

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Telecommunications

Telecommunications Internet Internet Malware

China-linked hackers target telecommunication providers in the Middle East

Security Affairs

MARCH 24, 2023

Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. ” reads the report published by SentinelLabs.

Telecommunications

Telecommunications Malware Mobile Internet

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

Speaking to Reuters , a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing. Volt Typhoon made headlines earlier this year when the FBI removed their malware from hundreds of routers across the US.

Encryption

Encryption Identity Theft Media Telecommunications

Thai police arrested Chinese hackers involved in SMS blaster attacks

Security Affairs

NOVEMBER 25, 2024

These attacks aim at spreading malware by including malicious links that infect devices, phish information by tricking users into sharing personal or financial data, and causing disruptions by overwhelming networks or targeting individuals with spam. The equipment sent nearly 1 million fraudulent messages in 3 days.

Mobile

Mobile Scams Technology Telecommunications

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019. ” reads the report published by Crowdstrike.

Telecommunications

Telecommunications Mobile Hacking Architecture

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. The attackers may have gained access to some users’ login credentials after deploying malware on both websites. SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Data breaches

Data breaches Hacking Telecommunications Advertising

Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers

The Hacker News

APRIL 13, 2022

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments.

Malware

Malware Telecommunications Internet Internet

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. SecurityAffairs – hacking, APT). Pierluigi Paganini.

Software

Software Malware Telecommunications Antivirus

Watch out, WAPDropper malware could subscribe you to premium services

Security Affairs

NOVEMBER 25, 2020

Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. ” continues the analysis.

Malware

Malware Telecommunications Mobile Marketing

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. net” and “ett[.]hopto[.]org”

Malware

Malware Telecommunications DNS Hacking

Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 4, 2025

Rhysida Ransomware gang claims the hack of the Government of Peru DragonForce group claims the theft of data after Co-op cyberattack U.S. Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime

Cybercrime Cyber Attacks Malware Phishing

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.

Malware

Malware Authentication Telecommunications Government

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Russia)

Telecommunications

Telecommunications DNS Passwords Hacking

Stealthy MerDoor malware uncovered after five years of attacks

Bleeping Computer

MAY 15, 2023

A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia. [.]

Malware

Malware Telecommunications Government Hacking

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

The Last Watchdog

AUGUST 20, 2019

And, increasingly, they come riddled with some of the most invasive types of malware. This is putting consumers and companies in harm’s way through yet another attack vector – one which gives professional hacking collectives another means to compromise online accounts and break into company networks.

Malware

Malware Mobile Manufacturing Marketing

Malware related news headlines trending on Google

CyberSecurity Insiders

SEPTEMBER 21, 2022

Coming to the third news related to malware, Vmware and Microsoft have jointly issued a warning against Chromeloader Malware that has evolved into a major threat in recent times. Hackers are seen using this malware to exploit browsers leading to advertising and affiliate frauds. Last is the news about the Russian-Ukraine war.

Malware

Malware Telecommunications Insurance Ransomware

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Security Affairs

SEPTEMBER 5, 2024

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning.

Malware

Malware Telecommunications Encryption Hacking

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

Nation-state actors, allegedly Russia-linked hacked, have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic.

Hacking

Hacking Software Telecommunications Government

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. government entities in Belgium, and telecommunications companies in Thailand and Brazil.

Malware

Malware Telecommunications Encryption DDOS

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. Pierluigi Paganini.

Malware

Malware VPN Accountability Telecommunications

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. SecurityAffairs – hacking, LuoYu).

Malware

Malware Telecommunications Hacking Internet

China-linked APT41 group targets telecommunications companies with new backdoor

Security Affairs

OCTOBER 31, 2019

China-linked APT41 group is targeting telecommunications companies with a new piece of malware used to spy on text messages of highly targeted individuals. The experts found the MessageTap backdoor installed on a Linux-based Short Message Service Center (SMSC) server belonging to an unnamed telecommunications company.

Telecommunications

Telecommunications Malware Advertising Mobile

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

Security Affairs

FEBRUARY 24, 2020

FireEye’s report revealed that the incident response division Mandiant observed more than 500 new malware families in 2019. million malware samples per day in 2019 and identified 1,268 malware families. The most worrisome figure is related to the number of previously unseen malware families which is greater than 500 (41%).

Malware

Malware Cyber threats Advertising Telecommunications

China-linked APT UNC3886 targets EoL Juniper routers

Security Affairs

MARCH 12, 2025

Its primary focus is on defense, technology, and telecommunications sectors in the US and Asia. To deploy malware, the threat actor had to first bypass this security mechanism. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, backdoor)

Telecommunications

Telecommunications Malware DDOS Technology

ShadowPad malware on Industrial Control Systems of Asia

CyberSecurity Insiders

JUNE 28, 2022

The anti-malware firm is linking the attackers to a Chinese group of Threat Actors and confirmed that the threat actors have interests in targeting SMBs from Asian countries as often such companies do not have enough resources to tackle such attacks.

Malware

Malware Telecommunications Surveillance Cyber threats

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 15, 2025

custody in exchange for Marc Fogel North Korea-linked APT Emerald Sleet is using a new tactic U.S.

Spyware

Spyware Firewall Artificial Intelligence Malware

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Researchers from cybersecurity firm Synacktiv published a technical analysis of a Rust malware, named KrustyLoader, that was delivered by threat actors exploiting the above vulnerabilities. ” Sliver is a post-exploitation framework that is gaining notoriety in the hacking underground as an alternative to the Cobalt Strike framework.

VPN

VPN Malware Authentication Small Business

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Video: Salt Typhoon Hacks Major Telecom Giants Using Malware

Trending Sources

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Hacked by Police

Cell Networks Hacked by (Probable) Nation-State Attackers

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Technical Report of the Bezos Phone Hack

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

FBI Shuts Down Chinese Botnet

Black Basta ransomware gang hit BT Group

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION

US Cyber Command and Microsoft Are Both Disrupting TrickBot

China-linked hackers target telecommunication providers in the Middle East

Americans urged to use encrypted messaging after large, ongoing cyberattack

Thai police arrested Chinese hackers involved in SMS blaster attacks

China-linked LightBasin group accessed calling records from telcos worldwide

SFO discloses data breach following the hack of 2 of its websites

Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers

China-linked Moshen Dragon abuses security software to sideload malware

Watch out, WAPDropper malware could subscribe you to premium services

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION

Nobelium APT uses new Post-Compromise malware MagicWeb

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Stealthy MerDoor malware uncovered after five years of attacks

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

Malware related news headlines trending on Google

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Purple Lambert, a new malware of CIA-linked Lambert APT group

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Cuttlefish malware targets enterprise-grade SOHO routers

Nobelium continues to target organizations worldwide with custom malware

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

China-linked APT41 group targets telecommunications companies with new backdoor

FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019

China-linked APT UNC3886 targets EoL Juniper routers

ShadowPad malware on Industrial Control Systems of Asia

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Stay Connected