Telecommunications and VPN - Cyber Security Informer

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN

VPN Authentication Ransomware Risk

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

Strong segmentation with firewalls and DMZs, securing VPN gateways, and ensuring encrypted traffic with TLS v1.3 The US government’s continued investigation into the People’s Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign.”

Telecommunications

Telecommunications Government Mobile Cyber threats

Security Affairs newsletter Round 530 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 29, 2025

CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog CitrixBleed 2: The nightmare that echoes the ‘CitrixBleed’ flaw in Citrix NetScaler devices Hackers deploy fake SonicWall VPN App to steal corporate credentials Mainline Health Systems data breach impacted over 100,000 (..)

Data breaches

Data breaches Ransomware Social Engineering Telecommunications

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 15, 2025

Sorry, It’s Windows Malware Malware Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach Google Tag Manager Skimmer Steals Credit Card Info From Magento Site From South America to Southeast Asia: The Fragile Web of REF7707 Deep Learning-Driven Malware Classification with API Call Sequence Analysis and Concept Drift Handling Hacking (..)

Spyware

Spyware Firewall Artificial Intelligence Malware

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

but given the Salt Typhoon breach and the apparent lackluster security practices and culture at just about every American telecommunications company, this was too interesting to ignore. Cape is a mobile carrier startup claiming to provide a more secure and private service alternative to traditional telecommunications services.

Surveillance

Surveillance Telecommunications Spyware Data breaches

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 1, 2024

Soldier Major cybercrime operation nets 1,006 suspects UK hospital network postpones procedures after cyberattack Tether Has Become a Massive Money Laundering Tool for Mexican Drug Traffickers, Feds Say Florida Telecommunications and Information Technology Worker Sentenced for Conspiring to Act as Agent of Chinese Government Rockstar 2FA: A Driving (..)

Cybercrime

Cybercrime Firewall Phishing Social Engineering

Securing Critical Infrastructure Against Cyberattacks

SecureWorld News

JULY 1, 2025

officials revealed that the Chinese group Volt Typhoon had maintained undetected access to power grids, ports, and telecommunications providers for as long as five years—long enough to map every breaker, valve, and switch they might someday wish to sabotage. In February, U.S.

Social Engineering

Social Engineering Engineering Phishing Healthcare

Frequently Asked Questions About Iranian Cyber Operations

Security Boulevard

JUNE 27, 2025

APT34 OilRig Helix Kitten Hazel Sandstorm Earth Simnavaz Exploits internet-facing servers and uses supply chain attacks to target finance, energy, chemical, telecommunications and government sectors. CVE-2018-13379 Fortinet FortiOS SSL VPN Web Portal Path Traversal Vulnerability [ 1 ] [ 2 ] [ 3 ] 9.8

Accountability

Accountability Passwords Authentication Energy and Utilities

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

Security Affairs

JULY 21, 2025

The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors. MuddyWater targets organizations in multiple sectors, including telecommunications, defense, local government, and oil and natural gas in Asia, Africa, Europe, and North America. After Israel’s strikes, Lookout found new DCHSpy samples.

Spyware

Spyware Telecommunications Surveillance VPN

Think Linux desktop market share isn't over 6%? This 15 million-system scan says otherwise

Zero Day

AUGUST 7, 2025

In North America, industries such as technology and telecommunications and finance and insurance show significantly higher Linux adoption compared to Europe. Given the recent shift by European governments from Windows to Linux, this trend isn't surprising.

Marketing

Marketing Energy and Utilities Software Artificial Intelligence

Senate removes ban on state AI regulations from Trump's tax bill

Zero Day

JULY 1, 2025

" Previous proposals withheld internet funds Broadband Equity, Access, and Deployment (BEAD) is a $42-billion program run by the National Telecommunications and Information Administration (NTIA) that helps states build infrastructure to expand high-speed internet access.

Artificial Intelligence

Artificial Intelligence Password Management Energy and Utilities Internet

How the Senate's ban on state AI regulation imperils internet access

Zero Day

JUNE 27, 2025

How the moratorium works Broadband Equity, Access, and Deployment (BEAD) is a $42-billion program run by the National Telecommunications and Information Administration (NTIA) that helps states build infrastructure to expand high-speed internet access.

Internet

Internet Internet Artificial Intelligence Password Management

Every iPhone model that you supports iOS 26 (and which ones aren't compatible)

Zero Day

JUNE 12, 2025

You can check your iPhone's trade-in value at one of these retailers or at a telecommunications company's authorized dealer. Features like an intact screen and a working camera greatly influence resale or trade-in values. Show more Get the morning's top stories in your inbox each day with our Tech Today newsletter.

Password Management

Password Management Small Business Software Retail

Every iPhone model getting iOS 26 (and which ones don't support it)

Zero Day

JULY 12, 2025

You can check your iPhone's trade-in value at one of these retailers or at a telecommunications company's authorized dealer. Features like an intact screen and a working camera greatly influence resale or trade-in values. Show more Editor's note: This article was originally published in 2024.

Retail

Retail Artificial Intelligence Software Digital transformation

Every iPhone model that can be updated to Apple's iOS 26 (and which ones can't)

Zero Day

JUNE 10, 2025

You can check your iPhone's trade-in value at one of these retailers or at a telecommunications company's authorized dealer. Features like an intact screen and a working camera greatly influence resale or trade-in values. Show more Get the morning's top stories in your inbox each day with our Tech Today newsletter.

Password Management

Password Management Small Business Software Retail

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection. Iranian hackers recently have been blamed for hacking VPN servers around the world in a bid to plant backdoors in large corporate networks.

VPN

VPN Passwords Telecommunications Software

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

The Hacker News

JUNE 18, 2021

Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In

VPN

VPN Telecommunications Media

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. SecurityAffairs – Fox Kitten campaign, VPN ). Pierluigi Paganini.

VPN

VPN Telecommunications Hacking Advertising

Russia bans Opera VPN and VyprVPN, classifies them as threats

Bleeping Computer

JUNE 18, 2021

Roskomnadzor, Russia's telecommunications watchdog, has banned the use of Opera VPN and VyprVPN after classifying them as threats according to current Russian law. [.].

VPN

VPN Telecommunications

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.

VPN

VPN Authentication Telecommunications Small Business

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. The employee phishing page bofaticket[.]com. Image: urlscan.io. ” SPEAR VISHING.

Phishing

Phishing VPN Social Engineering Accountability

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. “Rust payloads detected by Volexity team turn out to be pretty interesting Sliver downloaders as they were executed on Ivanti Connect Secure VPN after the exploitation of CVE-2024-21887 and CVE-2023-46805.

VPN

VPN Malware Authentication Telecommunications

Russia forces Apple to remove dozens of VPN apps from App Store

Bleeping Computer

JULY 8, 2024

Apple has removed 25 virtual private network (VPN) apps from the Russian App Store at the request of Roskomnadzor, Russia's telecommunications watchdog. [.]

VPN

VPN Telecommunications Technology

Unpatched Fortinet VPN Devices Are Attacked by New Cring Ransomware

Heimadal Security

APRIL 8, 2021

The Cring ransomware, also known as Crypt3r, Vjiszy1lo, Ghost, Phantom, became noticeable in January when it was found by Amigo_A and spotted by the CSIRT team of Swiss telecommunications […]. The post Unpatched Fortinet VPN Devices Are Attacked by New Cring Ransomware appeared first on Heimdal Security Blog.

VPN

VPN Ransomware Telecommunications Cybersecurity

GUEST ESSAY: Why there’s no such thing as anonymity it this digital age

The Last Watchdog

MARCH 21, 2019

App developers, credit card, telecommunication companies, and others use the term “anonymous data” because it sells. LW contributor Goddy Ray is a content manager and researcher at Surfshark VPN. After the interview, I told him that his examples gave me paranoia. But anonymous data really doesn’t exist anymore.

Surveillance

Surveillance Telecommunications Government VPN

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Government

Government VPN Telecommunications Technology

Argentinian ISP Hit with $7.5 Million Ransomware Attack

SecureWorld News

JULY 21, 2020

Particularly during a time where telecommunication services are vital to preserving remote work and social connections, an attack like this carries damaging consequences. Telecom Argentina has not commented on the incident, when contacted by local press, and did not say if it intends to pay the ransom demand.".

Ransomware

Ransomware Telecommunications VPN Internet

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

Security Affairs

MARCH 11, 2022

Their scope of interests include – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Ransomware

Ransomware Telecommunications Technology Threat Detection

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. The Nobelium cyberspies is using a new custom downloader tracked by the researchers as CEELOADER. ” reads the report published by Mandiant.

Malware

Malware VPN Telecommunications Accountability

Social media partially disrupted in Cuba amid anti-government protests

Security Affairs

JULY 13, 2021

AS27725) including Cubacel, the cellular network operated by Cuba’s sole telecommunications company.” VPN services have yet to be blocked in the country, allowing citizens to bypass internet censorship. NetBlocks reported that similar partial disruption was observed last year during the San Isidro protests in Havana.

Media

Media Government Telecommunications Internet

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

Nation-state actors, allegedly Russia-linked hacked, have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic. through 2020.2.1

Hacking

Hacking Software Telecommunications Government

GUEST ESSAY: Australia’s move compelling VPNs to cooperate with law enforcement is all wrong

The Last Watchdog

FEBRUARY 11, 2019

However, it looks like things are starting to break apart now that Australia has passed the “Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018”. The amendment forces all companies, even VPN providers, to collect and give away confidential user data if the police demand it.

Encryption

Encryption VPN Telecommunications Data privacy

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. ” reads the warning published by Microsoft.

Telecommunications

Telecommunications DNS Malware Advertising

T-Mobile confirms Lapsus$ had access its systems

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN).”

Mobile

Mobile VPN Social Engineering Telecommunications

Lapsus$ gang claims to have hacked Microsoft source code repositories

Security Affairs

MARCH 21, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Hacking

Hacking InfoSec Telecommunications Cybercrime

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

Security Affairs

JANUARY 14, 2022

The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization. Source SSU. The law enforcement arrested the leader of the group, a 36-year-old man that lives in Kyiv, along with his wife and three other acquaintances.

Ransomware

Ransomware DDOS Telecommunications Malware

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

virtual private network (VPN), remote desktop protocol (RDP), virtual desktop infrastructure (VDI) including Citrix, or Identity providers (including Azure Active Directory, Okta)). Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. ” continues the analysis.

Accountability

Accountability VPN Hacking Social Engineering

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers.

Telecommunications

Telecommunications Authentication Passwords Accountability

The Best Ways to Secure Communication Channels in The Enterprise Environment

CyberSecurity Insiders

DECEMBER 12, 2021

VPNs or Virtual Private Networks give you a secure platform where you can get a secure tunnel to send and receive information. Using a VPN gives you lots of benefits. Firstly, your IP address is completely hidden since VPNs redirect your data through a remote server. This server is run by the VPN host.

VPN

VPN Encryption Passwords Telecommunications

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources. The experts noticed that the infection chain was distinct, with 99% of infections originating in Turkey, primarily from two major telecommunications providers.

Malware

Malware DNS Authentication Telecommunications

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. Alloy Taurus is known for leveraging the SoftEther VPN service to facilitate access and maintain persistence to their targeted network.

Malware

Malware Telecommunications Government VPN

The War in Technology: A Digital Iron Curtain Goes Up

SecureWorld News

MARCH 10, 2022

We know that war has impacts on telecommunications, but what we've seen in Ukraine is on a different level.". These documents outlined a series of measures the Kremlin wants state-owned websites and online portals to implement by the end of this week in order to "coordinate actions to defend telecommunication services on the internet.".

Technology

Technology Internet Internet Telecommunications

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

Security Affairs

MARCH 22, 2022

Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Telecommunications

Telecommunications Data breaches Hacking VPN

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Trending Sources

Security Affairs newsletter Round 530 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Privacy Roundup: Week 12 of Year 2025

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Securing Critical Infrastructure Against Cyberattacks

Frequently Asked Questions About Iranian Cyber Operations

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

Think Linux desktop market share isn't over 6%? This 15 million-system scan says otherwise

Senate removes ban on state AI regulations from Trump's tax bill

How the Senate's ban on state AI regulation imperils internet access

Every iPhone model that you supports iOS 26 (and which ones aren't compatible)

Every iPhone model getting iOS 26 (and which ones don't support it)

Every iPhone model that can be updated to Apple's iOS 26 (and which ones can't)

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Hackers Were Inside Citrix for Five Months

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Russia bans Opera VPN and VyprVPN, classifies them as threats

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Voice Phishers Targeting Corporate VPNs

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Russia forces Apple to remove dozens of VPN apps from App Store

Unpatched Fortinet VPN Devices Are Attacked by New Cring Ransomware

GUEST ESSAY: Why there’s no such thing as anonymity it this digital age

The Russian Government blocked ProtonMail and ProtonVPN

Argentinian ISP Hit with $7.5 Million Ransomware Attack

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

Nobelium continues to target organizations worldwide with custom malware

Social media partially disrupted in Cuba amid anti-government protests

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

GUEST ESSAY: Australia’s move compelling VPNs to cooperate with law enforcement is all wrong

GALLIUM Threat Group targets global telcos, Microsoft warns

T-Mobile confirms Lapsus$ had access its systems

Lapsus$ gang claims to have hacked Microsoft source code repositories

Ukrainian police arrested Ransomware gang behind attacks on 50 companies

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

China-linked threat actors have breached telcos and network service providers

The Best Ways to Secure Communication Channels in The Enterprise Environment

Cuttlefish malware targets enterprise-grade SOHO routers

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

The War in Technology: A Digital Iron Curtain Goes Up

Lapsus$ extortion gang claims to have stolen sensitive data from Okta

Stay Connected