Information Security, Malware, Technology and Telecommunications

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. net” and “ett[.]hopto[.]org”

Malware

Malware Telecommunications DNS Hacking

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. exe, and rundll32.exe.

Government

Government Malware Telecommunications Cybercrime

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

Nobelium APT uses new Post-Compromise malware MagicWeb

Security Affairs

AUGUST 25, 2022

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments.

Malware

Malware Authentication Telecommunications Government

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware

Malware Encryption Telecommunications Authentication

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Security Affairs

OCTOBER 22, 2023

“If you’re working today at the cutting edge of technology then geopolitics is interested in you, even if you’re not interested in geopolitics.” ” Commercial businesses in the technology sector of any size, especially small companies and start-ups and researchers, are more exposed to Chinese espionage. .

Telecommunications

Telecommunications Technology Government Firmware

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. exe, and rundll32.exe.

Government

Government Malware Telecommunications Cybercrime

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

The group targeted organizations in multiple sectors, including defense, government, electronics, telecommunication, technology, media, telecommunication industries. According to a joint cybersecurity advisory from the United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S.

Firmware

Firmware Telecommunications System Administration Malware

Sandworm APT targets Ukraine with new SwiftSlicer wiper

Security Affairs

JANUARY 28, 2023

1/3 pic.twitter.com/pMij9lpU5J — ESET Research (@ESETresearch) January 27, 2023 The Sandworm group has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). We attribute this attack to #Sandworm.

Telecommunications

Telecommunications Malware Hacking Technology

Telecom giant Lumen suffered a ransomware attack and disclose a second incident

Security Affairs

MARCH 28, 2023

Telecommunications giant Lumen Technologies discovered two cybersecurity incidents, including a ransomware attack. In a filing to the Securities and Exchange Commission, on March 27, 2023, Lumen announced two cybersecurity incidents. ” continues the form.

Ransomware

Ransomware Telecommunications Technology Cybersecurity

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Security Affairs

OCTOBER 25, 2021

The NOBELIUM APT ( APT29 , Cozy Bear , and The Dukes) is the threat actor that conducted supply chain attack against SolarWinds, which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors. ” states Microsoft.

Telecommunications

Telecommunications Technology Hacking Malware

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. and Tykelab Srl, the latter is a telecommunications solutions company suspected to be operating as a front company. ” reads the analysis published by Lookout.

Spyware

Spyware Surveillance Telecommunications Mobile

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

French President Emmanuel Macron announced that France won’t ban the Chinese giant Huawei from its upcoming 5G telecommunication networks. French President Emmanuel Macron announced that his government will not exclude Chinese telecom giant Huawei from the building of the upcoming 5G telecommunication networks.

Telecommunications

Telecommunications Advertising Technology Manufacturing

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Security Affairs

NOVEMBER 28, 2022

While the malware written in.NET is new, its deployment is similar to previous attacks attributed to #Sandworm. Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

Ransomware

Ransomware Encryption Telecommunications Malware

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Educate your employees on threats and risks such as phishing and malware.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Security Affairs

JUNE 19, 2021

. “RedFoxtrot has primarily targeted aerospace and defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan. Experts noticed that RedFoxtrot activity overlaps with groups tracked by other security firms as Temp.Trident and Nomad Panda.

Telecommunications

Telecommunications Government Hacking Malware

Trojanized Comm100 Live Chat app installer distributed a JavaScript backdoor

Security Affairs

OCTOBER 4, 2022

The malicious installer was used to infect organizations in multiple sectors, including the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe. “Malware is delivered via a signed Comm100 installer that was downloadable from the company’s website.

Telecommunications

Telecommunications Insurance Manufacturing Healthcare

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

Since August, FIN11 started targeting organizations in many industries, including defense, energy, finance, healthcare, legal, pharmaceutical, telecommunications, technology, and transportation. Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages distributing a malware downloader dubbed FRIENDSPEAK.

Ransomware

Ransomware Malware Telecommunications Advertising

Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos

Security Affairs

OCTOBER 19, 2021

Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is targeting telecommunication providers and IT firms in South Asia. “The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021.

Telecommunications

Telecommunications Government Malware Encryption

Sandworm APT group hit Ukrainian news agency with five data wipers

Security Affairs

JANUARY 30, 2023

The Sandworm group has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Telecommunications

Telecommunications Malware Hacking Technology

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

Security Affairs

SEPTEMBER 28, 2021

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. “Once NOBELIUM obtains credentials and successfully compromises a server, the actor relies on that access to maintain persistence and deepen its infiltration using sophisticated malware and tools.

Telecommunications

Telecommunications Malware Encryption Government

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

The attackers may have gained access to some users’ login credentials after deploying malware on both websites. The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” reads a message posted to both site’s by the SFO’s Airport Information Technology and Telecommunications (ITT) director.

Data breaches

Data breaches Hacking Telecommunications Passwords

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

Security Affairs

MARCH 11, 2022

Lapsus$ Ransomware gang is looking for insiders willing to sell remote access to major technology corporations and ISPs. Thursday, March 10, Lapsus$ ransomware gang announced they’re starting to recruit insiders employed within major technology giants and ISPs, such companies include Microsoft, Apple, EA Games and IBM.

Ransomware

Ransomware Telecommunications Technology VPN

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Security Affairs

MARCH 25, 2020

The group hit entities in several industries, including the gaming, healthcare, high-tech, higher education, telecommunications, and travel services industries. Unlike other China-based actors, the group used custom malware in cyber espionage operations, experts observed 46 different malware families and tools in APT41 campaigns.

Telecommunications

Telecommunications Healthcare Education Advertising

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass.

Government

Government Telecommunications Accountability Phishing

Nobelium APT targets French orgs, French ANSSI agency warns

Security Affairs

DECEMBER 6, 2021

The NOBELIUM APT ( APT29 , Cozy Bear , and The Dukes) is the threat actor that conducted supply chain attack against SolarWinds, which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors.

Phishing

Phishing Telecommunications Government Accountability

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

FROZENLAKE, aka Sandworm , has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. and similar services.

Phishing

Phishing Education Accountability Telecommunications

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 24, 2023

Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5 Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5

Cyber Attacks

Cyber Attacks Firewall Data breaches Telecommunications

Russian Sandworm disrupts power in Ukraine with a new OT attack

Security Affairs

NOVEMBER 9, 2023

Mandiant researchers reported that Russia-linked APT group Sandworm employed new operational technology (OT) attacks that caused power outages while the Russian army was conducting mass missile strikes on critical infrastructure in Ukraine in October.

Telecommunications

Telecommunications Hacking Technology Internet

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). In April, Sandworm targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper.

Ransomware

Ransomware Telecommunications DNS Hacking

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

Security Affairs

MAY 28, 2021

The NOBELIUM APT is the threat actor that conducted supply chain attack against SolarWinds which involved multiple families of implants, including the SUNBURST backdoor , TEARDROP malware , GoldMax malware , Sibot , and GoldFinder backdoors.

Phishing

Phishing Threat Detection Telecommunications Malware

Millions of travelers of several airlines impacted by SITA data breach

Security Affairs

MARCH 5, 2021

SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry. Around the world, nearly every passenger flight relies on SITA technology.

Data breaches

Data breaches Telecommunications Technology Hacking

Huawei faces 5G ban from British’s 5G network within months

Security Affairs

JULY 5, 2020

UK officials are drawing up proposals to stop installing new Huawei equipment in the 5G network within the year, they also plan to speed up the replacement of Chinese technology that has been already deployed. The decision comes after a new UK intelligence agency GCHQ’s report raised new security concerns over Huawei 5G equipment.

Technology

Technology Telecommunications Risk Manufacturing

Interview with Massimiliano Brolli, Head of TIM Red Team Research

Security Affairs

DECEMBER 11, 2020

This means that in addition to the traditional telecommunications business, the company is increasingly attentive to sectors like the cloud, the Internet of Things and cybersecurity. And this challenge is set to become even more important with the introduction of new technologies.

Cyber threats

Cyber threats Risk Telecommunications Cybersecurity

G7 calls on Russia to dismantle operations of ransomware gangs within its borders

Security Affairs

JUNE 14, 2021

The G7 members highlights the importance to collaborate to increase the security of supply chains, the statement also recognizes the foundational role that telecommunications infrastructure, including 5G and future communication technologies, plays and will play in underpinning our wider digital and ICT infrastructure.

Ransomware

Ransomware Cybercrime Telecommunications Accountability

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

The activity of the Lyceum APT group was first documents earlier of August by researchers at ICS security firm Dragos that tracked it as Hexane. Security experts at Dragos Inc. reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. ” continues the analysis.

DNS

DNS Penetration Testing Passwords Social Engineering

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Security Affairs

MARCH 22, 2022

On Thursday, March 10, the group announced they’re starting to recruit insiders employed within major technology giants and ISPs, such companies include Microsoft, Apple, EA Games and IBM. Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T.

Cybercrime

Cybercrime Telecommunications VPN Hacking

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

The U.S. FCC considers Huawei and ZTE as national security threats

Security Affairs

JULY 1, 2020

Federal Communications Commission (FCC) announced that Chinese telecommunications giants Huawei and ZTE are considered as national security threats. regulators declared Huawei and ZTE to be national security threats. Last week China accused the US government of “oppressing Chinese companies” after U.S.

Government

Government Telecommunications Internet Internet

Scanning for Flaws, Scoring for Security

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? The October analysis by the Chamber and FICO gives U.S. How useful is such a score?

Cyber Risk

Cyber Risk Energy and Utilities Risk Marketing

Hive ransomware gang hit Costa Rica public health service

Security Affairs

MAY 31, 2022

The list of government entities hit by Conti affiliates also includes the country’s Ministry of Finance, its Ministry of Labor and Social Security (MTSS), the Ministry of Science, Innovation, Technology, and Telecommunications, and the Social Development and Family Allowances Fund (FODESAF).

Ransomware

Ransomware Government Telecommunications Hacking

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Security Boulevard

MARCH 24, 2022

On March 15th, research firm ESET reported a new data-wiping malware targeting Ukraine named CaddyWiper. [ 1 ] The malware “destroys user data and partitions information from attached drives”. The German Federal Office for Information Security (BSI) issued a warning about the use of Kaspersky products. [

Ransomware

Ransomware Malware Government Antivirus

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Trending Sources

Raspberry Robin malware used in attacks against Telecom and Governments

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Nobelium APT uses new Post-Compromise malware MagicWeb

Earth Lusca expands its arsenal with SprySOCKS Linux malware

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

Raspberry Robin malware used in attacks against Telecom and Governments

Purple Lambert, a new malware of CIA-linked Lambert APT group

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Sandworm APT targets Ukraine with new SwiftSlicer wiper

Telecom giant Lumen suffered a ransomware attack and disclose a second incident

Russia-linked Nobelium APT targets orgs in the global IT supply chain

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

France will not ban Huawei from its upcoming 5G networks

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Trojanized Comm100 Live Chat app installer distributed a JavaScript backdoor

FIN11 gang started deploying ransomware to monetize its operations

Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos

Sandworm APT group hit Ukrainian news agency with five data wipers

Russia-linked Nobelium APT group uses custom backdoor to target Windows domains

SFO discloses data breach following the hack of 2 of its websites

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Nobelium APT targets French orgs, French ANSSI agency warns

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

Russian Sandworm disrupts power in Ukraine with a new OT attack

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

Millions of travelers of several airlines impacted by SITA data breach

Huawei faces 5G ban from British’s 5G network within months

Interview with Massimiliano Brolli, Head of TIM Red Team Research

G7 calls on Russia to dismantle operations of ransomware gangs within its borders

Lyceum APT made the headlines with attacks in Middle East

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

The U.S. FCC considers Huawei and ZTE as national security threats

Scanning for Flaws, Scoring for Security

Hive ransomware gang hit Costa Rica public health service

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Stay Connected