Hacking, Malware and Telecommunications

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. SecurityAffairs – hacking, RAT).

Telecommunications

Telecommunications Malware Media Passwords

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. According to public sources, the threat actors targeted ICS of at least 11 Ukrainian telecommunications providers leading to the disruption of their services. ” reads the advisory.

Telecommunications

Telecommunications Authentication Data collection Passwords

China-linked hackers target telecommunication providers in the Middle East

Security Affairs

MARCH 24, 2023

Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. ” reads the report published by SentinelLabs.

Telecommunications

Telecommunications Malware Mobile Internet

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

Stealthy MerDoor malware uncovered after five years of attacks

Bleeping Computer

MAY 15, 2023

A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia. [.]

Malware

Malware Telecommunications Government Hacking

Alleged China-Tied Hackers Are Targeting Telecommunications Sector

SecureWorld News

OCTOBER 21, 2021

CrowdStrike recently posted a blog about its investigation into a malicious hacking group known as LightBasin, or UNC1945. Since 2016, this cybercrime organization has been building customized tools to invade the world's telecommunications sector. LightBasin hacks critical infrastructure with intention and competence.

Telecommunications

Telecommunications Energy and Utilities Passwords Hacking

Hacked by Police

Schneier on Security

JULY 3, 2020

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Lots of details about the hack in the article.

Hacking

Hacking Telecommunications Encryption Firewall

Budworm hackers target telcos and govt orgs with custom malware

Bleeping Computer

SEPTEMBER 28, 2023

A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and a government entity in Asia using a new variant of its custom 'SysUpdate' backdoor. [.]

Telecommunications

Telecommunications Malware Government Hacking

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. net” and “ett[.]hopto[.]org”

Malware

Malware Telecommunications DNS Hacking

Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers

The Hacker News

APRIL 13, 2022

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments.

Malware

Malware Telecommunications Internet Internet

Russian Sandworm hackers pose as Ukrainian telcos to drop malware

Bleeping Computer

SEPTEMBER 19, 2022

The Russian state-sponsored hacking group known as Sandworm has been observed masquerading as telecommunication providers to target Ukrainian entities with malware. [.].

Malware

Malware Telecommunications Hacking

Malware related news headlines trending on Google

CyberSecurity Insiders

SEPTEMBER 21, 2022

Coming to the third news related to malware, Vmware and Microsoft have jointly issued a warning against Chromeloader Malware that has evolved into a major threat in recent times. Hackers are seen using this malware to exploit browsers leading to advertising and affiliate frauds. Last is the news about the Russian-Ukraine war.

Malware

Malware Telecommunications Insurance Ransomware

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. exe, and rundll32.exe.

Government

Government Malware Telecommunications Cybercrime

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Researchers from cybersecurity firm Synacktiv published a technical analysis of a Rust malware, named KrustyLoader, that was delivered by threat actors exploiting the above vulnerabilities. ” Sliver is a post-exploitation framework that is gaining notoriety in the hacking underground as an alternative to the Cobalt Strike framework.

VPN

VPN Malware Authentication Small Business

ShadowPad malware on Industrial Control Systems of Asia

CyberSecurity Insiders

JUNE 28, 2022

The anti-malware firm is linking the attackers to a Chinese group of Threat Actors and confirmed that the threat actors have interests in targeting SMBs from Asian countries as often such companies do not have enough resources to tackle such attacks.

Malware

Malware Telecommunications Surveillance Cyber threats

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

The Hacker News

JULY 18, 2023

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro.

Telecommunications

Telecommunications Malware Banking Government

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.

Malware

Malware Authentication Telecommunications Government

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. This circumstance suggests that the threat actor is reusing existing source code to create new malware. ” reads the analysis published by Unit 42. org over port 8443 for C2. While investigating the yrhsywu2009.zapto[.]org

Malware

Malware Telecommunications Government VPN

Winter Vivern APT hackers use fake antivirus scans to install malware

Bleeping Computer

MARCH 16, 2023

An advanced hacking group named 'Winter Vivern' targets European government organizations and telecommunication service providers to conduct espionage. [.]

Antivirus

Antivirus Telecommunications Malware Government

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware

Malware Encryption Telecommunications Authentication

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019. ” reads the report published by Crowdstrike.

Telecommunications

Telecommunications Mobile Hacking Architecture

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. SecurityAffairs – hacking, APT). Pierluigi Paganini.

Software

Software Malware Telecommunications Antivirus

China-linked APT41 group targets telecommunications companies with new backdoor

Security Affairs

OCTOBER 31, 2019

China-linked APT41 group is targeting telecommunications companies with a new piece of malware used to spy on text messages of highly targeted individuals. The experts found the MessageTap backdoor installed on a Linux-based Short Message Service Center (SMSC) server belonging to an unnamed telecommunications company.

Telecommunications

Telecommunications Malware Mobile Advertising

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. SecurityAffairs – hacking, LuoYu).

Malware

Malware Telecommunications Internet Internet

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. exe, and rundll32.exe.

Government

Government Malware Telecommunications Cybercrime

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. The attackers may have gained access to some users’ login credentials after deploying malware on both websites. SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Data breaches

Data breaches Hacking Telecommunications Passwords

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Sandman APT targets telcos with LuaDream backdoor

Security Affairs

SEPTEMBER 22, 2023

A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. SentinelLabs clarified that LuaJIT is used by the attackers as an attack vector and is used to install additional malware in the target infrastructure. ” continues the report.

Telecommunications

Telecommunications Malware Hacking Risk

Watch out, WAPDropper malware could subscribe you to premium services

Security Affairs

NOVEMBER 25, 2020

Researchers spotted a new mobile malware dubbed WAPDropper that subscribes users to legitimate premium-rate services. Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. ” continues the analysis.

Malware

Malware Telecommunications Mobile Marketing

On Executive Order 12333

Schneier on Security

SEPTEMBER 28, 2020

The Article pays particular attention to EO 12333’s designation of the National Security Agency as primarily responsible for conducting signals intelligence, which includes the installation of malware, the analysis of internet traffic traversing the telecommunications backbone, the hacking of U.S.-based

Surveillance

Surveillance Telecommunications Internet Internet

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

Nation-state actors, allegedly Russia-linked hacked, have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic.

Software

Software Hacking Telecommunications Government

New GTPDOOR backdoor is designed to target telecom carrier networks

Security Affairs

MARCH 4, 2024

LightBasin targeted and compromised mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Firewall Mobile Malware

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

FEBRUARY 23, 2024

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. The telecommunications provider pointed out that no financial information (credit or debit card numbers, banking details) has been compromised.

Data breaches

Data breaches Telecommunications Banking Mobile

Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug

Security Affairs

OCTOBER 16, 2022

Some webshell paths that @Volexity identified were used in targeted (likely #APT ) exploitation of key organizations in government, telecommunications, and IT, predominantly in Asia; others were used in massive worldwide #exploitation. On receiving the e-mail, Zimbra submits it to Amavis for spam and malware inspection.

Hacking

Hacking Antivirus Telecommunications Engineering

6 out of 11 EU agencies running Solarwinds Orion software were hacked

Security Affairs

APRIL 16, 2021

European Commissioner for Budget and Administration Johannes Hahn confirmed the hack of some EU agencies as result of the SolarWinds supply chain attack in a response to a question filed by an EU Parliament member in February 2021. The hack allowed the threat actors to spy on the internal email traffic. Pierluigi Paganini.

Hacking

Hacking Software Telecommunications Cyber Attacks

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 8, 2023

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege A WhatsApp zero-day exploit can cost several million dollars CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog NATO is investigating a new cyber attack claimed by the SiegedSec group Global CRM Provider Exposed (..)

Data breaches

Data breaches Cybercrime Ransomware Hacking

US Cyber Command and Microsoft Are Both Disrupting TrickBot

Schneier on Security

OCTOBER 15, 2020

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Telecommunications

Telecommunications Internet Internet Malware

WIP19, a new Chinese APT targets IT Service Providers and Telcos

Security Affairs

OCTOBER 14, 2022

Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. ” continues the report.

Telecommunications

Telecommunications Malware Hacking Information Security

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

The group targeted organizations in multiple sectors, including defense, government, electronics, telecommunication, technology, media, telecommunication industries. The researchers observed Flax Typhoon gaining and maintaining long-term access to Taiwanese organizations’ networks with minimal use of malware.

Telecommunications

Telecommunications Technology Government Firmware

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

The China-linked hacking group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by the group since 2019. SecurityAffairs – hacking, Caketap). Pierluigi Paganini.

Banking

Banking Telecommunications System Administration Hacking

Operation GhostShell: MalKamak APT targets aerospace and telco firms

Security Affairs

OCTOBER 7, 2021

Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers use stealthy ShellClient malware on aerospace, telco firms. The analysis of the malware employed in the recent Operation GhostShell (version 4.0.1)

Telecommunications

Telecommunications Malware Hacking Information Security

Sandworm APT targets Ukraine with new SwiftSlicer wiper

Security Affairs

JANUARY 28, 2023

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. Security firms warn that the Sandworm APT continues to target Ukraine with multiple means, including custom malware and botnet.

Telecommunications

Telecommunications Malware Hacking Technology

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The group targeted organizations in multiple sectors, including defense, government, electronics, telecommunication, technology, media, telecommunication industries.

Firmware

Firmware Telecommunications System Administration Malware

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Trending Sources

China-linked hackers target telecommunication providers in the Middle East

Cuttlefish malware targets enterprise-grade SOHO routers

Stealthy MerDoor malware uncovered after five years of attacks

Alleged China-Tied Hackers Are Targeting Telecommunications Sector

Hacked by Police

Budworm hackers target telcos and govt orgs with custom malware

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers

Russian Sandworm hackers pose as Ukrainian telcos to drop malware

Malware related news headlines trending on Google

Raspberry Robin malware used in attacks against Telecom and Governments

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

ShadowPad malware on Industrial Control Systems of Asia

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

Nobelium APT uses new Post-Compromise malware MagicWeb

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Winter Vivern APT hackers use fake antivirus scans to install malware

Earth Lusca expands its arsenal with SprySOCKS Linux malware

China-linked LightBasin group accessed calling records from telcos worldwide

China-linked Moshen Dragon abuses security software to sideload malware

China-linked APT41 group targets telecommunications companies with new backdoor

LuoYu APT delivers WinDealer malware via man-on-the-side attacks

Raspberry Robin malware used in attacks against Telecom and Governments

SFO discloses data breach following the hack of 2 of its websites

Purple Lambert, a new malware of CIA-linked Lambert APT group

Sandman APT targets telcos with LuaDream backdoor

Watch out, WAPDropper malware could subscribe you to premium services

On Executive Order 12333

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

New GTPDOOR backdoor is designed to target telecom carrier networks

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug

6 out of 11 EU agencies running Solarwinds Orion software were hacked

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

US Cyber Command and Microsoft Are Both Disrupting TrickBot

WIP19, a new Chinese APT targets IT Service Providers and Telcos

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Caketap, a new Unix rootkit used to siphon ATM banking data

Operation GhostShell: MalKamak APT targets aerospace and telco firms

Sandworm APT targets Ukraine with new SwiftSlicer wiper

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Stay Connected