Information Security, Telecommunications and VPN

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. Targets span across the globe, they include both small businesses and large organizations. The experts published the Yara rule for the detection of similar KrustyLoader samples.

VPN

VPN Malware Authentication Small Business

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.

VPN

VPN Authentication Small Business Telecommunications

Lapsus$ gang claims to have hacked Microsoft source code repositories

Security Affairs

MARCH 21, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Hacking

Hacking Telecommunications InfoSec Cybercrime

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities

Energy and Utilities Telecommunications Technology VPN

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. Alloy Taurus is known for leveraging the SoftEther VPN service to facilitate access and maintain persistence to their targeted network.

Malware

Malware Telecommunications Government VPN

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Government

Government VPN Telecommunications Advertising

The Best Ways to Secure Communication Channels in The Enterprise Environment

CyberSecurity Insiders

DECEMBER 12, 2021

ProtonMail comes with PGP fully integrated, thus allowing you to send sensitive information securely without any extra effort. Just select the right app, create a secure channel, and you are good to go. VPNs or Virtual Private Networks give you a secure platform where you can get a secure tunnel to send and receive information.

VPN

VPN Passwords Encryption Mobile

T-Mobile confirms Lapsus$ had access its systems

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN).”

Mobile

Mobile VPN Social Engineering Telecommunications

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

Security Affairs

MARCH 11, 2022

Their scope of interests include – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Ransomware

Ransomware Telecommunications Technology VPN

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers.

Telecommunications

Telecommunications Authentication Passwords Accountability

Social media partially disrupted in Cuba amid anti-government protests

Security Affairs

JULY 13, 2021

AS27725) including Cubacel, the cellular network operated by Cuba’s sole telecommunications company.” VPN services have yet to be blocked in the country, allowing citizens to bypass internet censorship. NetBlocks reported that similar partial disruption was observed last year during the San Isidro protests in Havana.

Media

Media Government Internet Internet

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

Security Affairs

MARCH 22, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Telecommunications

Telecommunications Data breaches VPN Hacking

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Security Affairs

MARCH 22, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Cybercrime

Cybercrime Telecommunications VPN Hacking

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. ” reads the warning published by Microsoft.

Telecommunications

Telecommunications DNS Malware Advertising

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

Nation-state actors, allegedly Russia-linked hacked, have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic. through 2020.2.1

Software

Software Hacking Telecommunications Government

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization. Source SSU. The law enforcement arrested the leader of the group, a 36-year-old man that lives in Kyiv, along with his wife and three other acquaintances.

Ransomware

Ransomware DDOS Telecommunications Malware

Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

Security Affairs

FEBRUARY 2, 2020

Russia’s telecommunications watchdog Roskomnadzor has instituted administrative proceedings against Facebook and Twitter after they refused to store data of Russian users on servers located in the country. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Telecommunications

Telecommunications VPN Advertising Government

What to do if your company was mentioned on Darknet?

SecureList

DECEMBER 12, 2023

To find out, in 2022 we created a list of 700 companies worldwide from different industries: industrial, telecommunication, financial, retail, and others. In the case of leakage, there is no time to regret your unrealized security controls or not conducted information security training. And what you should do with it?

Data breaches

Data breaches Accountability Telecommunications Malware

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. SecurityAffairs – Fox Kitten campaign, VPN ). Pierluigi Paganini.

VPN

VPN Telecommunications Advertising Hacking

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

virtual private network (VPN), remote desktop protocol (RDP), virtual desktop infrastructure (VDI) including Citrix, or Identity providers (including Azure Active Directory, Okta)). Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. ” continues the analysis.

Accountability

Accountability VPN Social Engineering Hacking

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. The Nobelium cyberspies is using a new custom downloader tracked by the researchers as CEELOADER. ” reads the report published by Mandiant.

Malware

Malware VPN Telecommunications Accountability

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

Hackers who are on the lookout for publicly disclosed vulnerabilities (1-days) in internet facing software, such as VPN appliances or email gateways. Access sellers. As soon as such a vulnerability is disclosed, they compromise as many affected servers as possible before the defenders have applied the corresponding updates.

Ransomware

Ransomware Encryption Malware Cybercrime

Group-IB Hi-Tech Crime Trends 2020/2021 report

Security Affairs

NOVEMBER 25, 2020

Group-IB’s report Hi-Tech Crime Trends 2020/2021 examines various aspects of cybercrime industry operations and predicts changes to the threat landscape for various sectors, namely the financial industry, telecommunications, retail, manufacturing, and the energy sector. downloaders), and new types of botnets (brute-force botnets).

Banking

Banking Ransomware Phishing Marketing

Cyber Security Informer

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Trending Sources

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Lapsus$ gang claims to have hacked Microsoft source code repositories

FBI chief says China is preparing to attack US critical infrastructure

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

The Russian Government blocked ProtonMail and ProtonVPN

The Best Ways to Secure Communication Channels in The Enterprise Environment

T-Mobile confirms Lapsus$ had access its systems

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

China-linked threat actors have breached telcos and network service providers

Social media partially disrupted in Cuba amid anti-government protests

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

Lapsus$ extortion gang leaked the source code for some Microsoft projects

GALLIUM Threat Group targets global telcos, Microsoft warns

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

What to do if your company was mentioned on Darknet?

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Nobelium continues to target organizations worldwide with custom malware

Ransomware world in 2021: who, how and why

Group-IB Hi-Tech Crime Trends 2020/2021 report

Stay Connected